
Monday, March 1, 2010

Validating by White List approval

White listing refers to comparing input against an approved list and rejecting whatever isn't on it. It's like going to a concert and trying to get backstage: if your name isn't on the VIP list or you don't have a pass, you can't get in. In this instance, your name is compared to the list of valid people allowed backstage. If your name doesn't appear, you're tossed aside. Sucks, right? But when you're talking about building a web app, it can be one of the methods that separate you from being attacked.

Wednesday, February 17, 2010

PHP Protection from XSS attacks

If you have a forum or blog hosted on your site, then you should be aware of the cross-site scripting vulnerabilities that any basic HTML form can produce. I will show you how the vulnerability exists, how to detect it, and how to mitigate this form of attack.


What is a Cross-Site Scripting (XSS) Attack?

Cross-site scripting vulnerabilities are produced when a web site displays unfiltered user-generated input on the site. By allowing users to supply their own content, hackers can figure out ways to get malicious content onto the website by injecting their own scripts via JavaScript and change the