WebApp Sec mailing list archives
#include file tag in HTML: possible issues?
From: "Giuseppe DELL'ERBA" <giuseppe.dellerba () st com>
Date: Fri, 13 Jan 2006 16:21:23 +0100
Hi all, I have to evaluate from security point of view an application that is going to add in its template pages the #include file tag. This will allow a section of code to be inserted in the page, and the code that is inserted may be stored in an external file. Do you think this feature can introduce possible security threats? And, eventually, the remediation needed? Thanks Peppe ------------------------------------------------------------------------- This List Sponsored by: Watchfire Watchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download AppScan 6.0 today. https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh --------------------------------------------------------------------------
Current thread:
- #include file tag in HTML: possible issues? Giuseppe DELL'ERBA (Jan 14)
- Re: #include file tag in HTML: possible issues? Aman Raheja (Jan 15)
- RE: #include file tag in HTML: possible issues? Giuseppe DELL'ERBA (Jan 17)
- Re: #include file tag in HTML: possible issues? Jon Hart (Jan 17)
- <Possible follow-ups>
- RE: #include file tag in HTML: possible issues? Giuseppe DELL'ERBA (Jan 20)
- Re: #include file tag in HTML: possible issues? Aman Raheja (Jan 15)