WebApp Sec mailing list archives

Re: Canonicalization
From: Yann <cactux () gmail com>
Date: Wed, 12 Apr 2006 14:31:52 +0200

11 Apr 2006 13:12:29 -0000, susam_pal () yahoo co in <susam_pal () yahoo co in>:
> I found the following paragraph in owasp.org. Can someone please elaborate on this?
>
> Parameters must be converted to the simplest form before they are validated,
> otherwise, malicious input can be masked and it can slip past filters. The process of
> simplifying these encodings is called "canonicalization."

There is a (very short) article on Wikipedia, to begin with:
http://en.wikipedia.org/wiki/Canonicalization

There is an example, not directly related to security.

Yann
--
__________________________________________________________
Yann Cochard : http://yanncochard.com/
Au Cactus Francophone : http://www.cactuspro.com/
Kaella, Knoppix Linux Azur : http://kaella.linux-azur.org/
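
To make the quoted OWASP paragraph concrete, the following added example (not part of the thread and not OWASP code) applies one validation rule to a file-path parameter twice: once to the raw value and once after canonicalization. The path-traversal rule, the function names, the decode limit and the sample values are all assumptions chosen for illustration.

```python
import posixpath
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # assumption: input still changing after this is rejected


def canonicalize(raw: str) -> str:
    """Percent-decode until the value is stable, then simplify the path."""
    value = raw
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    else:
        raise ValueError("too many layers of encoding")
    # Assumption: backslashes are treated as separators, as on Windows hosts.
    return posixpath.normpath(value.replace("\\", "/"))


def is_allowed(canonical: str) -> bool:
    """The validation rule: a relative path that stays below the base dir."""
    return not (canonical.startswith("/") or canonical == ".."
                or canonical.startswith("../"))


def naive_check(raw: str) -> bool:
    """Validates the raw parameter, so encoded forms are hidden from it."""
    return is_allowed(raw)


def safe_check(raw: str) -> bool:
    """Canonicalizes first, then applies the same rule."""
    try:
        return is_allowed(canonicalize(raw))
    except ValueError:
        return False


# Constructed sample parameters, not taken from the thread.
SAMPLES = ["reports/2006/q1.pdf", "../secret", "%2e%2e%2fsecret",
           "%252e%252e%252fsecret", "reports/..%5c..%5csecret"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:32} naive={naive_check(s)!s:5} safe={safe_check(s)}")
```

The application must then use the canonical value it validated, not the raw parameter, or a later decoding step reintroduces the masked form.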
