Security Basics mailing list archives
Re: Re: Web Application Security
From: jason.gerfen () gmail com
Date: 22 Jan 2008 18:38:29 -0000
Well, if you are worried about XSS and SQL attacks within your web application, teach yourself to write secure code. Some things you might want to consider prior to accepting any user input through the use of forms or URL passed variables with the GET method:

1. Anyone visiting your site is potentially an automated bot/spider/web based attack.
2. Any URI/URL/Form based input strings should be validated/sanitized/scrutinized prior to processing.

Depending on the language(s) you are using to generate your web site/application, just make sure you are performing validation on the URL GET variables as well as any POST variables being passed to your scripts/pages.

I hope this helps. If you are limited with the web server/hosting solution where log monitoring and intrusion detection services are managed by the host, your web application can perform its own sanity checks and should be doing these types of checks anyways.
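An added example, not part of the original message: one way an application can run the same allowlist checks on GET and POST variables before processing them. Python is used because the message names no language; the parameter names, patterns, length limit and function names are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs

# Hypothetical allowlist: each parameter the application accepts and the
# pattern its whole value must match. Anything not listed is rejected.
RULES = {
    "id": re.compile(r"[0-9]{1,9}"),
    "sort": re.compile(r"asc|desc"),
    "name": re.compile(r"[A-Za-z][A-Za-z '\-]{0,63}"),
    "email": re.compile(r"[A-Za-z0-9._%+\-]{1,64}@[A-Za-z0-9.\-]{1,190}\.[A-Za-z]{2,24}"),
}
MAX_RAW_LEN = 2048  # assumed upper bound on a query string or form body


def validate(raw, rules=RULES):
    """Check a urlencoded string (GET query or POST body).

    Returns (clean, errors); clean is empty whenever errors is not.
    """
    if len(raw) > MAX_RAW_LEN:
        return {}, ["input too long"]
    try:
        # errors="strict" rejects percent-encoded bytes that are not UTF-8
        fields = parse_qs(raw, keep_blank_values=True, errors="strict")
    except ValueError:
        return {}, ["malformed encoding"]
    clean, errors = {}, []
    for key, values in fields.items():
        rule = rules.get(key)
        if rule is None:
            # repr() escapes control characters before the name reaches a log
            errors.append(f"unexpected parameter {key!r}")
        elif len(values) != 1:
            errors.append(f"parameter {key!r} repeated")
        elif not rule.fullmatch(values[0]):
            errors.append(f"parameter {key!r} failed validation")
        else:
            clean[key] = values[0]
    return ({} if errors else clean), errors


def handle_request(query_string, post_body=""):
    """Run the same checks on GET and POST input; refuse if either fails."""
    get_vars, get_err = validate(query_string)
    post_vars, post_err = validate(post_body)
    if get_err or post_err:
        return 400, get_err + post_err
    # Validated values still go through parameterized queries and output
    # encoding when used; validation does not replace either.
    return 200, {**get_vars, **post_vars}
```

The error strings are suitable for the application's own log when the host's log monitoring is not available to you.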