Chapter 13: Web-Specific Input Issues

It's now time to turn our attention to what is potentially the most hostile of all environments: the Web. In this chapter, I'll focus on making sure that applications that use the Web as a transport mechanism are safe from attack. I'm assuming you've read Chapter 10, All Input Is Evil! and Chapter 11, Canonical Representation Issues, before reading this, and if you use a database as part of your Web-based application, you should also read Chapter 12, Database Input Issues.

Virtually all Web applications perform some action based on user requests. Let's be honest: a Web-based service that doesn't take user input is probably worthless! Remember that you should determine what data is valid and reject all other input. I know I sound like a broken record, but data verification is probably the most important discipline to understand when building secure applications.

In this chapter, I'll focus on cross-site scripting issues (mainly because they are so prevalent) and HTTP trust issues, and I'll offer an explanation of which threats Secure Sockets Layer (SSL) and Transport Layer Security (TLS) help to resolve, and which they do not. So let's get started with the attack du jour: cross-site scripting.



Writing Secure Code, Second Edition
ISBN: 0735617228
Year: 2001
Pages: 286
