Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 13 Security Methods Part 2. xss.php Script 13.4 on page 419 ss.php

Published byGeorgiana Jenkins Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 13 Security Methods Part 2. xss.php Script 13.4 on page 419 ss.php"— Presentation transcript:

1 Chapter 13 Security Methods Part 2

2 xss.php Script 13.4 on page 419 http://csweb.hh.nku.edu/csc301/frank/ch13/x ss.php http://csweb.hh.nku.edu/csc301/frank/ch13/x ss.php ch13\xss.php Enter alert(“Ha!”);

3 XSS Attacks It could create a pop-up window Steal cookies Redirect the browser to other sites.

4 htmlentities() Turn problem characters into HTML entities (taken literally. No special meaning.) & -> & “ -> " < > -> >

5 strip_tags() Removes all HTML and PHP tags

6 calculator.php Script 13.4 on pages 422-423 http://csweb.hh.nku.edu/csc301/frank/ch13/c alculator.php http://csweb.hh.nku.edu/csc301/frank/ch13/c alculator.php ch13\calculator.php

7 filter_var() if(filter_var($var,FILTER_VALIDATE_INT) if(filter_var($var,FILTER_VALIDATE_INT, array(‘min_range’ => 1, ‘max_range’ => 120))

8 Validation Filters FILTER_VALIDATE_EMAIL FILTER_VALIDATE_FLOAT FILTER_VALIDATE_INT FILTER_VALIDATE_URL

Download ppt "Chapter 13 Security Methods Part 2. xss.php Script 13.4 on page 419 ss.php"

Similar presentations

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.
Nick Feamster CS 6262 Spring 2009

Nick Feamster CS 6262 Spring 2009
Cross Site Scripting (XSS)

Cross Site Scripting (XSS)
Cross-Site Scripting (XSS) Vulnerability in AJAX and Adobe Flex Applications Danielle Cauthen 04/09/2010 COMS E6125 – Web enHanced Information Management.

Cross-Site Scripting (XSS) Vulnerability in AJAX and Adobe Flex Applications Danielle Cauthen 04/09/2010 COMS E6125 – Web enHanced Information Management.
Hossain Shahriar Mohammad Zulkernine. One of the worst vulnerabilities in web applications It involves the generation of dynamic HTML contents with invalidated.

Hossain Shahriar Mohammad Zulkernine. One of the worst vulnerabilities in web applications It involves the generation of dynamic HTML contents with invalidated.
Web Security Never, ever, trust user inputs Supankar.

Web Security Never, ever, trust user inputs Supankar.
HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.

HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.
Chapter 2 HTML Basics Key Concepts

Chapter 2 HTML Basics Key Concepts
Lecture 6/2/12. Forms and PHP The PHP $_GET and $_POST variables are used to retrieve information from forms, like user input When dealing with HTML forms.

Lecture 6/2/12. Forms and PHP The PHP $_GET and $_POST variables are used to retrieve information from forms, like user input When dealing with HTML forms.
©2009 Justin C. Klein Keane PHP Code Auditing Session 5 XSS & XSRF Justin C. Klein Keane

©2009 Justin C. Klein Keane PHP Code Auditing Session 5 XSS & XSRF Justin C. Klein Keane
EECS 354 Network Security Cross Site Scripting (XSS)

EECS 354 Network Security Cross Site Scripting (XSS)
Team Members: Brad Stancel,

Team Members: Brad Stancel,
Cross Site Scripting a.k.a. XSS Szymon Siewior. Disclaimer Everything that will be shown, was created for strictly educational purposes. You may reuse.

Cross Site Scripting a.k.a. XSS Szymon Siewior. Disclaimer Everything that will be shown, was created for strictly educational purposes. You may reuse.
HTML Character Entities. Character Entities Some characters have a special meaning in HTML, like the less than sign (

HTML Character Entities. Character Entities Some characters have a special meaning in HTML, like the less than sign (
XSS: Cross Site Scripting Alan Geleynse. Example

XSS: Cross Site Scripting Alan Geleynse. Example
PHP Form Processing. Using Forms in PHP  Two steps to process  Display the form  Process the submitted data.

PHP Form Processing. Using Forms in PHP  Two steps to process  Display the form  Process the submitted data.
Multiple Tiers in Action

Multiple Tiers in Action
Chapter 4 Application Security Knowledge and Test Prep

Chapter 4 Application Security Knowledge and Test Prep
PHP Form Processing. Using Forms in PHP  Two steps to process  Display the form  Process the submitted data.

PHP Form Processing. Using Forms in PHP  Two steps to process  Display the form  Process the submitted data.
Introduction to the OWASP Top 10. Cross Site Scripting (XSS)  Comes in several flavors:  Stored  Reflective  DOM-Based.

Introduction to the OWASP Top 10. Cross Site Scripting (XSS)  Comes in several flavors:  Stored  Reflective  DOM-Based.

Similar presentations

Ads by Google