Published by Eugenia Lee. Modified over 9 years ago.
1
Input Validation – common associated risks

______________
  user input controls SQL statements ultimately executed by a database server
  http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php
______________
  user input controls file access location – the “double-dot attack”
______________
  user input controls file naming in such a way as to get a program to read, write or delete files that should be protected
Denial of Service
  user input causes the application to consume excessive resources or simply stop executing due to unacceptable input
_______________
  user input causes the application to reveal confidential information
  perhaps this information can be used as part of a more sophisticated attack
2
more common associated risks

________________
  user input injects HTML or script commands into a Web application, causing the Web application to breach its security
  http://www.acunetix.com/websitesecurity/xss.htm
______________
  user input injects commands, often via meta-characters, that cause a server to perform unintended functions
Buffer Overflows
  user input exceeds limits in a way that allows the attacker to control application behavior
3
Before Mitigation

  user interface
  files
  parameters of externally-invoked methods
  network sockets/ports
  URLs (passed to Web servers)
  cookies
  network certificates
4
Mitigation Techniques
5
Escaping individual characters is a particularly effective way of mitigating XSS.

  Character    Equivalent HTML escape
  "            &quot;
  #            &#35;
  &            &amp;
  '            &#39;
  (            &#40;
  )            &#41;
  /            &#47;
  ;            &#59;
  <            &lt;
  >            &gt;
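
Added example (not part of the original slides): the ten characters from the escaping slide applied as a single-pass output encoder in Python, beside a row-by-row variant that corrupts its own output because `&`, `#` and `;` occur inside the escapes themselves. The function names, the sample string and the choice of standard named or numeric entity for each character are assumptions made for this illustration.

```python
import re

# Character -> HTML escape for the ten characters the slide lists.
# The entity spellings are standard HTML references chosen for this example.
HTML_ESCAPES = {
    '"': "&quot;", "#": "&#35;", "&": "&amp;", "'": "&#39;",
    "(": "&#40;", ")": "&#41;", "/": "&#47;", ";": "&#59;",
    "<": "&lt;", ">": "&gt;",
}
# One character class matching any key, so the input is scanned exactly once.
_PATTERN = re.compile("[" + re.escape("".join(HTML_ESCAPES)) + "]")


def escape_html(untrusted: str) -> str:
    """Rewrite each listed character once; emitted entities are never rescanned."""
    return _PATTERN.sub(lambda m: HTML_ESCAPES[m.group(0)], untrusted)


def escape_html_sequential(untrusted: str) -> str:
    """Flawed variant kept for comparison: one str.replace per table row.
    Later rows re-escape the '&' and ';' that earlier rows just emitted."""
    out = untrusted
    for char, entity in HTML_ESCAPES.items():
        out = out.replace(char, entity)
    return out


def render_comment(untrusted: str) -> str:
    """Escape user input before placing it in an HTML element body."""
    return '<p class="comment">' + escape_html(untrusted) + "</p>"


# Constructed sample input containing markup and an event-handler attribute.
SAMPLE = "<b onclick='x()'>hi</b> & bye;"

if __name__ == "__main__":
    print(render_comment(SAMPLE))
    print(escape_html_sequential('"'))  # shows the double-escaped result
```

This encoding suits HTML element bodies and quoted attribute values; input placed inside script blocks, URLs or CSS needs the encoding for that context instead.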