Geeks and Bloggers Portal
» Article(s) by GentleGiant
GentleGiant has written 86 Article(s).
Password fields in user-submitted HTML
Web sites should not allow users to put up forms with input type="password"....
Posted on: 01/24/12 at 14:54:06 EST
Cross-site request forgery (CSRF)
A Cross-site request forgery hole is when a malicious site can cause a visitor's browser to make a...
Posted on: 01/24/12 at 14:54:04 EST
Make sure form submissions that cause server-side changes use your own forms. There are two ways...
Posted on: 01/24/12 at 14:53:58 EST
Should I disable password manager?
Financial sites such as banks frequently decide to disable password manager using the...
Posted on: 01/24/12 at 14:53:51 EST
Purely server-side holes
Some security holes in web sites don't involve web browsers at all and are therefore out of scope...
Posted on: 01/24/12 at 14:53:48 EST
The Whys and Wherefores of Pattern Matching
Pattern matching is more than just searching for some set of characters in your data; it’s a way...
Posted on: 01/23/12 at 11:46:50 EST
The Facts on Cross Site Scripting
Websites today are more complex than ever, containing a lot of dynamic content making the...
Posted on: 01/22/12 at 22:25:51 EST
Handling or Filtering Metacharacters
Many systems, such as the command line shell and SQL interpreters, have "metacharacters",...
Posted on: 01/22/12 at 22:25:43 EST
Techniques to Prevent Cross Site Scripting
Most existing browsers are capable of interpreting and executing scripts—created in such...
Posted on: 01/22/12 at 22:25:35 EST
Stolen cookies: XSS attack results
Cookie theft occurs when the cookie issued by the application is hijacked for malicious...
Posted on: 01/22/12 at 22:25:28 EST
Best practices for Web developers against XSS
What about the designers and maintainers of Web sites? You can reduce the problem with a variety of...
Posted on: 01/22/12 at 22:25:23 EST
Make a Printer Friendly Page of any html bet DIVs
So you want to create printer-friendly pages for your website users? Writing the content directly...
Posted on: 01/22/12 at 22:25:20 EST
Never, never, never pass unchecked remote user inp
In C this includes the popen(), and system() commands, all of which invoke a /bin/sh subshell to...
Posted on: 01/22/12 at 14:18:26 EST
I found a great CGI script on the Web and I want t
You can never be sure that a script is safe. The best you can do is to examine it carefully and...
Posted on: 01/22/12 at 14:18:16 EST
Is C safer than interpreted languages like Perl
Are compiled languages such as C safer than interpreted languages like Perl and shell scripts? The...
Posted on: 01/22/12 at 14:18:10 EST
Store Scripts in the cgi-bin Directory Only
Is it better to store scripts in the cgi-bin directory, or to store them anywhere in the document...
Posted on: 01/22/12 at 14:18:06 EST
What's the problem with CGI scripts?
The problem with CGI scripts is that each one presents yet another opportunity for exploitable...
Posted on: 01/22/12 at 14:16:35 EST
Where can I learn more about safe CGI scripting?
The CGI security FAQ, maintained by Paul Phillips ( firstname.lastname@example.org), can be found at: ...
Posted on: 01/22/12 at 14:16:28 EST
How do I avoid passing user variables through a sh
In Perl, you can invoke external programs in many different ways. You can capture the output of an...
Posted on: 01/22/12 at 14:16:23 EST
What are Perl taint checks? How do I turn them on?
As we've seen, one of the most frequent security problems in CGI scripts is inadvertently passing...
Posted on: 01/22/12 at 14:16:17 EST