WebApp Sec: Re: SQL Injection

[Frank Knobbe <frank () knobbe us>]

On Wed, 2004-06-16 at 08:08, Jeff Williams wrote:
> Output validation is intended to protect against attempts to inject attacks
> into the browser. The most important of these is cross-site scripting, which
> is covered by the Top Ten A4, and HTML entity encoding is suggested there.
I understand the notion of "output validation" doesn't sound very sexy.
I also understand that it is considered included in the XSS section of
the OWASP guide. But I believe that a lot of folks underestimate or
overlook/neglect the area of validating output for safety and fitness of
date for displaying in a browser.

So I'd like to ask: What can be done to put more educational emphasis
and/or awareness to validation output? What are the thoughts of others
in this forum?

Cheers,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part