Secure Design
When you're dealing with users in a web environment, invariably you'll want to know who's who. Because HTTP is stateless, web applications expect some random and difficult-to-guess piece of data with each request that's unique for each user. In most modern...
How should a web site deal with a user who doesn't run JavaScript? Abort (fallback to non-JavaScript version of the site), Retry (give the user a friendly error message that it's necessary to have JavaScript enabled to use the site), Ignore (continue...
There’s an axiom in the appsec community - “all input is evil”. Every piece of data sent by the user may be teeming with virulent host-compromising attacks, and you had better validate ANY and ALL user-modifiable parameters or your computer will explode...
Rudy and I did a Fishbowl Talk at TechEd, where we spoke extemporaneously about whatever was on our mind that week. Check it out here.
Reading articles, browsing marketing materials, and listening to presentations about application security, you hear variations on a theme: "Input validation is absolutely critical to application security, and most application risks involve tainted input...