Browse by Tags

All Tags » Input Validation (RSS)
Tuesday, August 26, 2008 1:02 PM
Input Validation Isn’t For Wimps
There’s an axiom in the appsec community - “all input is evil”. Every piece of data sent by the user may be teeming with virulent host compromising attacks, and that you better validate ANY and ALL user-modifiable parameters or your computer will explode...

Posted by Alex | with no comments

Filed under: ,

Tuesday, October 30, 2007 8:45 PM
ASP.NET ValidateRequest and the HTML Attribute Based Cross Site Scripting
ASP.NET ValidateRequest is a security mechanism designed to prevent cross-site scripting attacks in ASP.NET applications. It looks at data in the HTTP request parameters, and issues an error if it finds anything that is "suspicious". And, for the most...

Posted by Alex | 2 comment(s)

Filed under: , , ,

Monday, October 08, 2007 1:41 PM
Input versus Data, Validation versus Sanitization
Reading articles, browsing marketing materials, and listening to presentations about application security, you hear variations on a theme: "Input validation is absolutely critical to application security, and most application risks involve tainted input...

Posted by Alex | with no comments

Filed under: , ,