WebApp Sec mailing list archives

Re: RE: Canonicalization

From: jovan.burd () yahoo com
Date: 13 Apr 2006 05:29:19 -0000

Yes. All kinds of encoding must be decoded to simplest format.

Absence of Canonicalization might lead to a security flaw like SQL injection.

Lots of SQL injection takes place because the programmer of a web application has forgotten to convert a single quote 
(') to two single-quotes ('').

-------------------------------------------------------------------------
This List Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Web Application Attack!" 
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world 
examples of recent hacking methods such as: SQL Injection, Cross Site 
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------

Current thread:

Re: Canonicalization, (continued)
- - Re: Canonicalization Rogan Dawes (Apr 12)
- RE: Canonicalization PPowenski (Apr 12)
- Re: Canonicalization Andrew van der Stock (Apr 12)
  - Re: Canonicalization Rossen Raykov (Apr 20)
    - Re: Canonicalization Peter Conrad (Apr 21)
    - Re: Canonicalization exon (Apr 21)
    - Re: Canonicalization Jason Murray (Apr 23)
    - Re: Canonicalization exon (Apr 24)
    - Re: Canonicalization Eoin (Apr 21)
    - Re: Canonicalization Andrew van der Stock (Apr 22)
- Re: RE: Canonicalization jovan . burd (Apr 13)
- Re: Re: Canonicalization susam_pal (Apr 13)
  - Re: Canonicalization Rogan Dawes (Apr 14)
  - Re: Canonicalization Jason (Apr 14)
  - Re: Re: Canonicalization Mariusz Pękala (Apr 14)
    - Re: Re: Canonicalization Peter Conrad (Apr 18)