|
I'm pretty green still when it comes to web programming, I've spent most of my time on client applications. So I'm curious about the common exploits I should fear/test for in my site.
Started by Brian Leahy on
, 14 posts
by 14 people.
Answer Snippets (Read the full thread at stackoverflow):
These three are the most important:
Cross Site Request Forgery Cross Site Scripting SQL injection The most common are probably database injection attacks and cross-site scripting attacks; mainly because those are the easiest to accomplish (that's likely... .
|
|
I need a way in Perl to strip naughty things, such as XSS, image interjection, and the works.
I found HTML::StripScripts but it hasn't updated in close to two years, and I'm not up to date with all the new exploits.
Is it safe?
What other markups languages...
Started by Timmy on
, 3 posts
by 3 people.
Answer Snippets (Read the full thread at stackoverflow):
Just removing scripts will not make your.
XSS is a vast topic and exploits come up every other day.
|
|
By simply converting the following:
& -> & < -> < > -> > " -> " ' -> '
Will you prevent XSS attacks?
I think you need to white list at a character level too, to prevent certain attacks , but the following answer...
Started by The Feast on
, 4 posts
by 4 people.
Answer Snippets (Read the full thread at stackoverflow):
Character references) prevents inserting....
If you insert the data into HTML, replacing the HTML meta character with escape sequences (i.e .
A lock doesn't stop a theif, but it helps ;)
Counter measures depend on the context where the data is inserted in .
|
Ask your Facebook Friends
|
In our enviroment we are often required to run old outdated versions of different applications, and im wondering about the security implications on that. So im hoping there is a site that basicly lists AppXX1 version V2 has X known exploits.
Im off course...
Started by EKS on
, 3 posts
by 3 people.
Answer Snippets (Read the full thread at serverfault):
Cve.mitre.org has the most comprehensive list of vulnerabilities, but I've never looked for a list... .
I think something like the Nessus vulnerability list is probably going to be your best bet, but I'm not sure how to do that without running Nessus itself .
|
|
What ways are there for detecting exploits in PHP/MySQL web applications (checking for certain characters or pieces of codes in the GET, POST, COOKIE arrays / using a library with a database that has all the patterns for common exploits, if any exist?...
Started by TheMagician on
, 5 posts
by 5 people.
Answer Snippets (Read the full thread at stackoverflow):
Just use strip_tags() on all $_REQUEST and $_COOKIE vars to take care of code showing up in these vars, as for SQL you would have to maybe write up a query-like regex or something, but this shouldnt be an issue as you should always mysql_real_escape_string... .
|
|
What are the most strange/sophisticated/surprising/deeply hidden software vulnerabilities or exploits you have ever seen? Places in code where you thought that there is no danger hidden, but were wrong?
[To clarify: Everybody knows SQL injections, XSS...
Started by sdcvvc on
, 30 posts
by 28 people.
Answer Snippets (Read the full thread at stackoverflow):
A summary:....
I think an exploit out of this.
Again, it's not easy to exploit, but definitely doable.
They exploit the printf-like formatting tags to overwrite attack is the off-by-one error.
Attacks known as Format String Attack.
|
|
On a page from a website (one of ours) I can enter in the url the following code:
javascript:createNewWindow('Something', 100, 100, 'Text')
Is there a way someone can exploit this?
function createNewWindow(url, widthIn, heightIn, title) { var strOptions...
Started by osp70 on
, 5 posts
by 5 people.
Answer Snippets (Read the full thread at stackoverflow):
Be sure to validate all.
Need to take care in the other parts of the application to prevent exploits.
|
|
The Weekly Marmot - Looking for Exploits
Follow me on Twitter | Facebook | Google+
Started by Lore on
, 20 posts
by 15 people.
Answer Snippets (Read the full thread at tankspot):
That's not just an exploit like you said, that's hacking game files their decision not to exploit the bug paid off, some of them are cynically predicting that even if they manage for Exploits Nothing....
Changing a game file seems right.
|
|
I am building a server application that will maintain connections to other applications by initiating TCP connections out through a firewall that is only open for outbound traffic to the relevant IP's ports that the application will connect to.
What is...
Started by ilDocteur on
, 5 posts
by 5 people.
Answer Snippets (Read the full thread at stackoverflow):
The risk is precisely that anything that can be done, from their end to your end,... .
If your own application server does not listen for any incoming data then there is very little risk
They can't do anything to you other than speak your protocol to you .
|
|
Is it correct to say that the .Net platform is more secure because the CLR guards against buffer overflow attacks?
Assuming there was a web browser running in a managed OS (like Cosmos , SharpOS or Singularity ), would it be technically possible for an...
Started by chris on
, 3 posts
by 3 people.
Answer Snippets (Read the full thread at stackoverflow):
Application errors may allow exploits other remote-code exploits occur because the constraints in those languages and runtimes provide, managed browser itself wouldn't....
The CLR or any library may contain bugs that allow exploits.
|
