Security Basics mailing list archives

Re: Re: Web Application Security


From: jason.gerfen () gmail com
Date: 22 Jan 2008 18:38:29 -0000

Well, if you are worried about XSS and SQL attacks within your web application, teach yourself to write secure code. Some 
things you might want to consider prior to accepting any user input through the use of forms or URL-passed variables 
with the GET method:

1. Anyone visiting your site is potentially an automated bot/spider/web based attack.
2. Any URI/URL/Form based input strings should be validated/sanitized/scrutinized prior to processing.

Depending on the language(s) you are using to generate your web site/application just make sure you are performing 
validation on the URL GET variables as well as any POST variables being passed to your scripts/pages.

I hope this helps. If you are limited by a web server/hosting solution where log monitoring and intrusion detection 
services are managed by the host, your web application can perform its own sanity checks, and it should be doing these 
types of checks anyway.
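As an added illustration of the GET/POST validation the post recommends (example code written for this page, not from the original poster), here is a small Python allowlist validator for query-string or form-body parameters, paired with the two output-side controls that actually stop the attack classes named above: a bound-parameter SQL query and HTML escaping on render. The parameter names, patterns, and the in-memory users table are constructed assumptions for the example.

```python
import html
import re
import sqlite3
from urllib.parse import parse_qs

# Allowlist schema for the parameters this hypothetical page accepts.
# Each entry: (regex the whole value must match, maximum length).
# Names and patterns are assumptions constructed for this example.
PARAM_SCHEMA = {
    "user_id": (re.compile(r"[0-9]{1,10}"), 10),
    "username": (re.compile(r"[A-Za-z0-9_]{1,32}"), 32),
    # Free text: any printable characters, no control bytes.
    "comment": (re.compile(r"[^\x00-\x1f\x7f]{0,500}"), 500),
}


class ValidationError(ValueError):
    """Raised when a request parameter fails the allowlist."""


def validate_params(raw_query):
    """Parse a GET query string or a urlencoded POST body and validate every
    parameter against PARAM_SCHEMA. Unknown names, repeated parameters and
    values that do not fully match their pattern are rejected outright."""
    parsed = parse_qs(raw_query, keep_blank_values=True)
    clean = {}
    for name, values in parsed.items():
        if name not in PARAM_SCHEMA:
            raise ValidationError(f"unexpected parameter: {name!r}")
        if len(values) != 1:
            raise ValidationError(f"parameter {name!r} supplied {len(values)} times")
        pattern, max_len = PARAM_SCHEMA[name]
        value = values[0]
        if len(value) > max_len or not pattern.fullmatch(value):
            raise ValidationError(f"parameter {name!r} failed validation")
        clean[name] = value
    return clean


def is_valid(raw_query):
    """Boolean convenience wrapper around validate_params."""
    try:
        validate_params(raw_query)
        return True
    except ValidationError:
        return False


def make_demo_db():
    """Build a constructed in-memory users table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    conn.executemany("INSERT INTO users (username) VALUES (?)",
                     [("alice",), ("bob",)])
    conn.commit()
    return conn


def lookup_user(conn, username):
    """Look a user up with a bound parameter. The driver passes the value
    separately from the SQL text, so quote characters in it stay data."""
    return conn.execute(
        "SELECT id, username FROM users WHERE username = ?", (username,)
    ).fetchone()


def render_comment(comment):
    """Escape on output so user text cannot break out of the HTML context,
    regardless of what the input-side validator let through."""
    return "<p>" + html.escape(comment, quote=True) + "</p>"


if __name__ == "__main__":
    conn = make_demo_db()
    params = validate_params("user_id=42&username=alice&comment=<b>hi</b>")
    print(params)
    print(lookup_user(conn, params["username"]))
    print(render_comment(params["comment"]))
```

The validator is deliberately strict about unknown and repeated names, since an attacker-controlled extra parameter or a second copy of an expected one is a common way to reach code paths the form never exposes. Validation on input does not replace escaping on output or bound SQL parameters; the three controls cover different failure points, which is why the example keeps all of them.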

