GentleGiant has written 87 Article(s). Page Num: 2
Avoiding XSS holes in sites that allow HTML For sites where users are allowed to use HTML, the goal is not to escape the input, but to restrict... Posted on: 01/24/12 at 14:54:09 EST
Password fields in user-submitted HTML Web sites should not allow users to put up forms with input type="password".... Posted on: 01/24/12 at 14:54:06 EST
Cross-site request forgery (CSRF) A Cross-site request forgery hole is when a malicious site can cause a visitor's browser to make a... Posted on: 01/24/12 at 14:54:04 EST
Preventing CSRF Make sure form submissions that cause server-side changes use your own forms. There are two ways... Posted on: 01/24/12 at 14:53:58 EST
Should I disable password manager? Financial sites such as banks frequently decide to disable password manager using the... Posted on: 01/24/12 at 14:53:51 EST
Purely server-side holes Some security holes in web sites don't involve web browsers at all and are therefore out of scope... Posted on: 01/24/12 at 14:53:48 EST
The Whys and Wherefores of Pattern Matching Pattern matching is more than just searching for some set of characters in your data; it’s a way... Posted on: 01/23/12 at 11:46:50 EST
The Facts on Cross Site Scripting Websites today are more complex than ever, containing a lot of dynamic content making the... Posted on: 01/22/12 at 22:25:51 EST
Handling or Filtering Metacharacters Many systems, such as the command line shell and SQL interpreters, have “metacharacters”,... Posted on: 01/22/12 at 22:25:43 EST
Techniques to Prevent Cross Site Scripting Most existing browsers are capable of interpreting and executing scripts—created in such... Posted on: 01/22/12 at 22:25:35 EST
Stolen cookies: XSS attack results Cookie theft occurs when the cookie issued by the application is hijacked for malicious... Posted on: 01/22/12 at 22:25:28 EST
Best practices for Web developers against XSS What about the designers and maintainers of Web sites? You can reduce the problem with a variety of... Posted on: 01/22/12 at 22:25:23 EST
Store Scripts in the cgi-bin Directory Only Is it better to store scripts in the cgi-bin directory, or to store them anywhere in the document... Posted on: 01/22/12 at 14:18:06 EST
What's the problem with CGI scripts? The problem with CGI scripts is that each one presents yet another opportunity for exploitable... Posted on: 01/22/12 at 14:16:35 EST