WebApp Sec mailing list archives
Re: SQL Injection
From: Frank Knobbe <frank () knobbe us>
Date: Mon, 28 Jun 2004 20:34:20 -0500
On Wed, 2004-06-16 at 08:08, Jeff Williams wrote:
Output validation is intended to protect against attempts to inject attacks into the browser. The most important of these is cross-site scripting, which is covered by the Top Ten A4, and HTML entity encoding is suggested there.
I understand the notion of "output validation" doesn't sound very sexy. I also understand that it is considered included in the XSS section of the OWASP guide. But I believe that a lot of folks underestimate or overlook/neglect the area of validating output for safety and fitness of date for displaying in a browser. So I'd like to ask: What can be done to put more educational emphasis and/or awareness to validation output? What are the thoughts of others in this forum? Cheers, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Re: encryption over the web, (continued)
- Re: encryption over the web exon (Jun 17)
- Re: SQL Injection Steven M. Christey (Jun 11)
- Re: SQL Injection Stephen de Vries (Jun 11)
- Re: SQL Injection Rogan Dawes (Jun 14)
- Re: SQL Injection David Cameron (Jun 16)
- Re: SQL Injection Sverre H. Huseby (Jun 16)
- Re: SQL Injection Alex Russell (Jun 17)
- Re: SQL Injection Stephen de Vries (Jun 11)
- Re: SQL Injection Frank Knobbe (Jun 16)
- Re: SQL Injection Jeff Williams (Jun 16)
- Re: SQL Injection Frank Knobbe (Jun 16)
- Re: SQL Injection Frank Knobbe (Jun 28)
- RE: SQL Injection Mutallip Ablimit (Jun 29)
- Re: SQL Injection gcb33 (Jun 29)
- Re: SQL Injection Alex Russell (Jun 16)
- RE: SQL Injection Clement Dupuis (Jun 14)
- Re: SQL Injection athena (Jun 17)
- Re: SQL Injection Frank Knobbe (Jun 21)