Latest Updates: injection

  • Data Integrity wants you! (to protect against SQL injection)

    Brian, 1:12 pm on February 18, 2010
    Tags: injection, SQL

    In my first blog post, I talked a bit about the ability to use client-side software to edit forms and submit data that a server-side script might not expect. Well now I am back, and like the Kool-Aid dude, I am bursting through your screens with knowledge; OH YEAH!

    Okay, now that we have the comedy out of the way, time to get to the important stuff. This post is going to be all about SQL injection attacks. Of all the possible exploits that can be carried out against a server, this is certainly in the top 5 scariest in my book (yes, I check under my bed for the SQL injection monster).

    (More …)

  • I just got $100 for buying a T-Shirt!

    Brian, 5:27 pm on July 21, 2009
    Tags: HTML, injection

    Okay, that didn’t really happen to me, but it is a legitimate security concern for a web developer. Nobody wants to get a call asking why someone was able to purchase a t-shirt from their form and not only get the t-shirt but also receive a $100 credit.

    This really comes down to secure development and making sure that any user input is properly sanitized and validated, so that the submitted values aren't malicious attempts at ruining your month. It is easy to see why one would need to sanitize user data coming from a text field on a form, but let's explore a less obvious situation: why one would also want to sanitize data coming from a drop-down select.

    (More …)
