|
Careful Of That Big Virus On This Site...
Don't say my fucking name in Vain!...
Carry on.
peace...
Started by mal on
, 15 posts
by 12 people.
Answer Snippets (Read the full thread at usmessageboard):
I'm too ....
Peace...
Said Fred.
That would be like someone...
It's malcontent.
You're name is not "malware" or "malicious".
Peace...
That would be like someone on.
It's malcontent.
You're name is not "malware" or "malicious".
Peace...
|
|
I wrote this C program and ran on my Windows system. My system hanged and not even Task manager was opening. Finally, I had to reboot. This is clearly a malicious program, but my antivirus does not detect this. Why?
#include<unistd.h> main() { while...
Started by avd on
, 5 posts
by 5 people.
Answer Snippets (Read the full thread at stackoverflow):
Antivirus programs don't recognize malicious behavior - they recognize patterns of know viruses you run the fork bomb as administrator?
Well, it is not malicious behavior, looks more like.
|
|
Hello,
I have ASP.NET MVC 1.0 and Entity Framework v1 application.
By default, content submitted by user is validated for malicious input. (See here ). HTML encoding user submitted data, prevents JavaScript injection attacks. Entity Framework internally...
Started by dev on
, 4 posts
by 4 people.
Answer Snippets (Read the full thread at stackoverflow):
You should use ViewModels to presenting....
For more info check out this link: http://bradwilson.typepad.com/blog/2010/01/input-validation-vs-model-validation-in-aspnet-mvc.html
Hope this helps .
Attribute to prevent Over-Posting Problems.
Use Bind(Include ...
|
Ask your Facebook Friends
|
What is the best way to prevent introduction of malicious code when using snippets, skins, etc.?
Obviously this is less of a problem with sites like StackOverflow; however, how often have you run into Malicious Code Snippets? I don't just mean careless...
Started by Russell Steen on
, 4 posts
by 4 people.
Answer Snippets (Read the full thread at stackoverflow):
If you use it in your product, I'd check....
That's the case with free code snippets.
It's that simple.
If you don't have time to review all of the code, you sure as heck don't have time to deal with the problems that can result from using it .
You have to.
|
|
So I like the OpenID idea. I support it on my site, and use it wherever it's possible (like here!). But I am not clear about one thing.
A site that supports OpenID basically accepts any OpenID provider out there, right? How does that work with sites that...
Started by zigdon on
, 7 posts
by 7 people.
Answer Snippets (Read the full thread at stackoverflow):
Or are we going to have to start maintaining provider blacklists... .
Just like bots can sign up with fake/multiple email addresses to any site, but fail the "verification" step there as well .
Possible solution - you can still ask new IDs to pass a CAPTCHA test .
|
|
Hi community,
I'm currently building a website that allows public access after classic verification methods (captcha + email verif.) I do my best to sanitize all of the inputs and stay in control of the data flows. I am 100% sure that there will be people...
Started by m_oLogin on
, 4 posts
by 4 people.
Answer Snippets (Read the full thread at stackoverflow):
I'd imagine a hacker could only use the error's information for malicious as if nothing happened: if you receive malicious code, log the event (it could be the case you missed malicious users to keep trying....
That there was an error.
|
|
The company that I work for is redeveloping an in-house product for external use.
The product will initially be developed in C# using WPF, then ported to Silverlight.
One of the focus points is coding against malicious attacks e.g. SQL injection etc.
...
Answer Snippets (Read the full thread at stackoverflow):
In....
The best resource I've found is here:
http://www.owasp.org/index.php/Main_Page
Within that site, I would start here:
http://www.owasp.org/index.php/Top_10_2007
The top 10 is for web site vulnerabilities, but the concepts apply to all types of apps .
|
|
If you implement an interface in Java, there is nothing to prevent the caller from looking at what concrete implementation you have supplied, casting to that class and calling methods that are not in the interface. I believe this is called "malicious ...
Started by Thilo on
, 3 posts
by 3 people.
Answer Snippets (Read the full thread at stackoverflow):
Only the factory can see it and it will return only the interface type so there is no concrete implementation to cast against... .
Another way to protect against this is to use a factory class, and have the implementation be a private inner class of the factory .
|
|
We have an ASP.NET custom control that lets users enter HTML (similar to a Rich text box). We noticed that a user can potentially inject malicious client scripts within the <script> tag in the HTML view. I can validate HTML code on save to ensure...
Answer Snippets (Read the full thread at stackoverflow):
Instead of black-listing some tags (and missing some of the ways you may be attacked), it is better to decide on a set of tags that are OK for your site and only allowing them... .
XSS (Cross Site Scripting) is a big a difficult subject to tackle correctly .
|
|
I am working on a servlet (runs on tomcat) which receives requests that contains Java Script code, and using the java scripting API framework evaluates/run the code and returns the answer to the user.
Since we are dealing with user generated code, the...
Started by special0ne on
, 4 posts
by 4 people.
Answer Snippets (Read the full thread at stackoverflow):
And since this is probably what your question really meant, I'll put forward my answer - ... .
My question to you: what counts as bad code ?
If you cannot come up with a formal definition of what counts as bad code, you cannot hope to be able to detect it .
|
