Security Basics mailing list archives
Re: checking web applications for exploits
From: Madhur Ahuja <ahuja.madhur () gmail com>
Date: Mon, 25 Jul 2011 20:58:18 +0530
* Make sure you have a captcha for the registration form.
* For the login form, make sure you lock the password after some attempts, otherwise it can be hacked using brute forcing tools such as Hydra.

Madhur

On Mon, Jul 25, 2011 at 5:10 AM, Littlefield, Tyler <tyler () tysdomain com> wrote:

> Hello all:
> I'm working on a web application that is the registration and management frontend for a database-driven game. I've created the registration script, and I am on to my login script, but I want to know what sort of exploits and security problems exist for my current setup. I don't have a huge base, but I'd like to be able to pin these down and fix them as soon as possible. Is there a way to test these? What sorts of things do I need to look out for in terms of sessions and the like? I do not know much about security for web applications, so I am worried that I may have left something open that can be used to make a huge mess.
>
> Essentially my security looks like this. I created the user and the database, and I did not give the user a whole ton of privileges; I add those as-needed. Each input to the web form is validated based on length and a couple other factors depending on the data being inputted, and -anything- going to the database goes through this function before it gets validated.
>
> function CleanupInput($input)
> {
>     return mysql_escape_string(addslashes($input));
> }
>
> Any other thoughts?
>
> --
> Take care,
> Ty
> my website: http://tds-solutions.net
> my blog: http://tds-solutions.net/blog
> skype: st8amnd127
> My programs don't have bugs; they're randomly added features!
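
The lockout advice in the reply above, sketched in PHP as an added example that is not part of the original thread or the poster's application. The `LoginThrottle` class, the `attemptLogin` function, the thresholds (5 failures, 900-second lock), the in-memory array standing in for a database table, and the `player1` account are all assumptions made for illustration.

```php
<?php
// Added example: in-memory stand-in for a per-account lockout table.
// MAX_FAILURES and LOCK_SECONDS are assumed values, not taken from the thread.
final class LoginThrottle
{
    const MAX_FAILURES = 5;
    const LOCK_SECONDS = 900;

    private $state = []; // username => ['failures' => int, 'lockedUntil' => int]

    public function isLocked(string $user, int $now): bool
    {
        return isset($this->state[$user]) && $this->state[$user]['lockedUntil'] > $now;
    }

    public function recordFailure(string $user, int $now): void
    {
        if (!isset($this->state[$user])) {
            $this->state[$user] = ['failures' => 0, 'lockedUntil' => 0];
        }
        $this->state[$user]['failures']++;
        if ($this->state[$user]['failures'] >= self::MAX_FAILURES) {
            $this->state[$user]['lockedUntil'] = $now + self::LOCK_SECONDS;
            $this->state[$user]['failures'] = 0; // fresh count once the lock expires
        }
    }

    public function recordSuccess(string $user): void
    {
        unset($this->state[$user]);
    }
}

// Returns 'ok', 'denied' or 'locked'. The lock is checked before the password,
// so even a correct password is refused while the lock window is open.
function attemptLogin(LoginThrottle $t, array $users, string $user, string $password, int $now): string
{
    if ($t->isLocked($user, $now)) {
        return 'locked';
    }
    // Unknown usernames count as failures too, so the two cases look the same.
    if (isset($users[$user]) && password_verify($password, $users[$user])) {
        $t->recordSuccess($user);
        return 'ok';
    }
    $t->recordFailure($user, $now);
    return 'denied';
}

// Constructed sample data: one account and a fixed clock value.
$users = ['player1' => password_hash('correct horse', PASSWORD_DEFAULT)];
$throttle = new LoginThrottle();
$now = 1000000;
for ($i = 1; $i <= 5; $i++) {
    echo attemptLogin($throttle, $users, 'player1', "guess$i", $now + $i), "\n";
}
echo attemptLogin($throttle, $users, 'player1', 'correct horse', $now + 10), "\n";
echo attemptLogin($throttle, $users, 'player1', 'correct horse', $now + 905), "\n";
```

In a real application the counter and lock timestamp would live in the users table so they survive across requests. The lock here is temporary rather than permanent, so the legitimate owner regains access once the window expires.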