Summary

  • Do perform input validation on all input before passing it to a command processor (a shell, a database engine, or any other interpreter that parses what it is given).

  • Do handle the failure securely if an input validation check fails: reject the request rather than trying to "repair" the input and carrying on.

  • Do not pass unvalidated input to any command processor, even if you intend the input to be treated purely as data; the processor, not your intent, decides how it is parsed.

  • Do not use the deny-list approach, unless you are 100 percent sure you are accounting for all possibilities; a list of known-bad characters is only as complete as the last metacharacter you thought of.

  • Consider avoiding regular expressions for input validation; instead, write simple and clear validators by hand that accept only the characters and structure you expect.
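The following is an added example, not code from the book, that puts the five points above side by side: a deliberately unsafe function that splices unvalidated input into a shell command line, a hand-written allow-list validator (no regular expression), and a hardened function that validates first, fails securely, and never hands the input to a shell at all. It assumes a POSIX shell and uses `echo` in place of a real network tool so that it runs offline; the host names and the injection payload are constructed for the demonstration.

```python
"""Command injection and its allow-list fix (added example; assumes POSIX)."""
import subprocess

# Hand-written allow-list: the host-name alphabet (letters, digits, '-', '.').
# Everything else (space, ';', '|', '&', '$', '`', newline ...) is rejected
# by construction, without enumerating any "bad" characters.
_HOST_CHARS = frozenset(
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-."
)


def is_valid_hostname(value: str) -> bool:
    """Allow-list validator for a DNS host name, written without a regex.

    Accepts only allowed characters and a sane label structure: no empty or
    over-long labels, no leading/trailing hyphen, total length <= 253.
    """
    if not value or len(value) > 253:
        return False
    if any(ch not in _HOST_CHARS for ch in value):
        return False
    for label in value.split("."):
        if not label or len(label) > 63:
            return False
        if label.startswith("-") or label.endswith("-"):
            return False
    return True


def lookup_vulnerable(host: str) -> str:
    """Deliberately unsafe: unvalidated input spliced into a shell command.

    The caller intends `host` to be data, but the shell parses the whole
    string, so a ';' in `host` starts a second command.
    """
    result = subprocess.run(
        "echo " + host, shell=True, capture_output=True, text=True
    )
    return result.stdout


class InvalidInput(ValueError):
    """Raised when validation fails; the request is refused outright."""


def lookup_hardened(host: str) -> str:
    """Validate first, fail securely, and keep the shell out of the path."""
    if not is_valid_hostname(host):
        # Fail securely: refuse, and do not echo the attacker's string back
        # (it may be crafted for wherever the error message ends up).
        raise InvalidInput("host name rejected by validator")
    # argv list with shell=False: `host` reaches the program as exactly one
    # argument; no shell ever parses it, so metacharacters are inert.
    result = subprocess.run(
        ["echo", host], shell=False, capture_output=True, text=True
    )
    return result.stdout


if __name__ == "__main__":
    payload = "example.com; echo INJECTED"   # constructed attack input
    print(lookup_vulnerable(payload), end="")  # prints the injected line too
    try:
        lookup_hardened(payload)
    except InvalidInput as exc:
        print("rejected:", exc)
    print(lookup_hardened("example.com"), end="")
```

Two design choices matter here. The validator is an allow-list, so a payload using a metacharacter nobody anticipated (`|`, `$(...)`, a newline) is rejected just as firmly as one using `;`; a deny-list would have to name each of them. And the hardened path passes an argument vector with `shell=False`, so even a validated value is never re-parsed by a shell; validation is the first line of defence, not the only one.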



19 Deadly Sins of Software Security. Programming Flaws and How to Fix Them