Penetration Testing for Web Applications (Part Two)
By Jody Melbourne and David Jorm (July 3, 2003)
The second installment in this series expands upon issues of input
validation - how developers routinely, through a lack of proper input
sanity and validity checking, expose their back-end systems to server-side
code-injection and SQL-injection attacks. It also explores the manner in
which these issues may manifest on the client-side as cross-site scripting
and other content-manipulation vulnerabilities.
http://www.securityfocus.com/infocus/1709
Marc Fossi
Symantec Corp.
www.symantec.com