Security Basics mailing list archives
Re: Re: Basic security tests for web management application
From: jason.gerfen () gmail com
Date: 18 Apr 2008 13:03:52 -0000
Well, you would probably want to validate any and all of the following outside input variables:

Anything dealing with the URI
Any forms dealing with POST/GET/REQUEST processing methods

Some simple manual tests can be done with the following examples:

Say you are wanting to check a URI for cross-site scripting:

http://www.example.com/?<script>alert('hi')</script>

or

http://www.example.com/?<script>document.write(document.cookie)</script>

Now say your application deals with authentication through a standard web form with an SQL database storing your user credentials:

1' UNION SELECT * FROM user; <-use that in a field

I gave you two very simple examples which, if coded correctly, your application should reject. For more information regarding the following attack vectors do a Google search for XSS/SQL Injection attacks.

HTH,
Jas
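An added example, not part of the original message: one way an application can handle the two test inputs quoted above, using bound SQL parameters for the login form and HTML encoding for anything echoed from the URI. The Python/sqlite3 stack, the `user` table layout, the sample account and all function names are assumptions made for illustration.

```python
import hashlib, hmac, html, os, sqlite3
from urllib.parse import urlsplit, unquote

# The manual test inputs quoted in the message.
XSS_URLS = [
    "http://www.example.com/?<script>alert('hi')</script>",
    "http://www.example.com/?<script>document.write(document.cookie)</script>",
]
SQLI_FIELD = "1' UNION SELECT * FROM user;"

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    """Constructed in-memory credential store with one sample account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (name TEXT PRIMARY KEY, salt BLOB, pwhash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO user VALUES (?, ?, ?)",
               ("admin", salt, _hash("correct horse", salt)))
    return db

def login(db, name, password):
    """Bound parameters keep form input as data, never as SQL text."""
    row = db.execute("SELECT salt, pwhash FROM user WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[1], _hash(password, row[0]))

def render_not_found(url):
    """Echo the requested query string back, HTML-encoded before output."""
    query = unquote(urlsplit(url).query)
    return "<p>No page for: " + html.escape(query, quote=True) + "</p>"

def check_inputs():
    """Run the message's test inputs through both handlers."""
    db = make_db()
    return {
        "valid_login": login(db, "admin", "correct horse"),
        "sqli_as_name": login(db, SQLI_FIELD, SQLI_FIELD),
        "sqli_as_password": login(db, "admin", SQLI_FIELD),
        "rows_after": db.execute("SELECT COUNT(*) FROM user").fetchone()[0],
        "pages": [render_not_found(u) for u in XSS_URLS],
    }

if __name__ == "__main__":
    for key, value in check_inputs().items():
        print(key, "=>", value)
```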