Saturday, September 24, 2005

Editor's Daily Blog: Keep 'Em Separated

Posted by invalidname on September 20, 2005

Keep malicious code out of your web app

In the first installment of his series on web app security and validating input, Stephen Enright showed some surprisingly effective attacks that can be carried out simply by sending SQL fragments in ordinary HTML form values: a server that concatenates those values into a query ends up executing the attacker's SQL. But of course, the server is only one half of the security story. The browser also offers opportunities for mischief.
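The attack the paragraph above refers to, as an added example that is not from this page or from Enright's article: a Java servlet login check that splices form values straight into SQL text, shown beside the parameterized version. The `users` table, its columns, the `DataSource` wiring and the servlet class name are all assumptions made for the illustration.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.sql.DataSource;

public class LoginServlet extends HttpServlet {

    // Assumption: the container supplies this DataSource (JNDI, injection, etc.);
    // how it is obtained is not part of the example.
    private DataSource dataSource;

    // VULNERABLE: form values become part of the SQL text itself.
    // With pass = "' OR '1'='1" the WHERE clause reads
    //   name = 'alice' AND password = '' OR '1'='1'
    // which is true for every row, so the lookup succeeds without a password.
    static String buildUnsafeQuery(String user, String pass) {
        return "SELECT id FROM users WHERE name = '" + user
                + "' AND password = '" + pass + "'";
    }

    boolean loginUnsafe(Connection c, String user, String pass) throws SQLException {
        try (Statement st = c.createStatement();
             ResultSet rs = st.executeQuery(buildUnsafeQuery(user, pass))) {
            return rs.next();
        }
    }

    // HARDENED: placeholders keep the form values as bound data; the database
    // never parses them as SQL, so quotes and keywords in them are inert.
    // (Comparing a stored plaintext password is itself bad practice and is kept
    // here only to mirror the vulnerable version; hash passwords in real code.)
    boolean loginSafe(Connection c, String user, String pass) throws SQLException {
        String sql = "SELECT id FROM users WHERE name = ? AND password = ?";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, user);
            ps.setString(2, pass);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String user = req.getParameter("user");
        String pass = req.getParameter("pass");
        resp.setContentType("text/plain");
        // Missing fields are a plain "denied", never a query with the literal "null".
        if (user == null || pass == null) {
            resp.getWriter().println("denied");
            return;
        }
        try (Connection c = dataSource.getConnection();
             PrintWriter out = resp.getWriter()) {
            out.println(loginSafe(c, user, pass) ? "welcome" : "denied");
        } catch (SQLException e) {
            throw new ServletException(e);
        }
    }
}
```

`buildUnsafeQuery` is kept as a separate method so the effect of a hostile form value can be seen by printing its return value for an input like `' OR '1'='1`; the servlet itself only ever calls `loginSafe`.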

In the Feature Article, Handling Java Web Application Input, Part 2, he takes a look at cross-site scripting, which describes a variety of attacks to insert code from an external source, often using the