mailing list archives
Re: SQL Injection
From: Frank Knobbe <frank () knobbe us>
Date: Mon, 28 Jun 2004 20:34:20 -0500
On Wed, 2004-06-16 at 08:08, Jeff Williams wrote:
Output validation is intended to protect against attempts to inject attacks
into the browser. The most important of these is cross-site scripting, which
is covered by the Top Ten A4, and HTML entity encoding is suggested there.
I understand the notion of "output validation" doesn't sound very sexy.
I also understand that it is considered included in the XSS section of
the OWASP guide. But I believe that a lot of folks underestimate or
overlook/neglect the area of validating output for safety and fitness of
date for displaying in a browser.
So I'd like to ask: What can be done to put more educational emphasis
and/or awareness to validation output? What are the thoughts of others
in this forum?
Description: This is a digitally signed message part
Re: SQL Injection Jeff Williams (Jun 14)
Re: SQL Injection Stephen de Vries (Jun 17)