Author Topic: Making web apps more secure  (Read 1902 times)

Offline polonus

Making web apps more secure
« on: August 21, 2006, 11:05:35 PM »
Hi malware fighters,

Also, web developers who use new web apps and functionality that can be abused should contemplate more secure techniques by doing all of the following:

• Fix vulnerabilities to stop initial injection and further propagation, as well as payload execution;
• Be aware that everything can be modified, including “hidden” HTML input tags, cookies, URL parameters, POST data and HTTP headers;
• Never use input you get from the client without sanitizing it;
• Enforce data types and formatting, including length restrictions and escaping characters to avoid SQL injection and XSS attacks;
• PHP and ASP have built-in functions that can help. A well-placed RegEx can stop most attacks;
• Input validators should be implemented on both sides of a Web application;
• Frontend code should properly represent backend code and backend code for an HTML FORM that uses POST should only read values that were posted;
• Applications should only provide enough functionality to work—for example, do not use scripting technologies if you have static content.

Come on coders and webmasters, make the web more secure,

polonus


P.S. You only have to click the Validaty add-on button in Flock or FF to know how many errors you will find; this forum page has 6.

Damian
« Last Edit: August 21, 2006, 11:10:35 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
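
The checklist in the post above, applied to a single form handler, as an added example that is not part of the original post. It uses the Python standard library rather than the PHP or ASP functions the post mentions; the field names, table layout and sample POST body are assumptions constructed for the illustration.

```python
import html
import re
import sqlite3
from urllib.parse import parse_qs

# Allow-list of the fields the form really has: name -> (pattern, max length).
# Field names and rules are assumptions made for this example.
FIELDS = {
    "username": (re.compile(r"[A-Za-z0-9_]{3,20}"), 20),
    "age": (re.compile(r"[0-9]{1,3}"), 3),
    "comment": (re.compile(r"[^\x00-\x08\x0b\x0c\x0e-\x1f]*"), 200),
}

def validate_post(body: str) -> dict:
    """Parse a urlencoded POST body; return clean values or raise ValueError."""
    posted = parse_qs(body, keep_blank_values=True, strict_parsing=True)
    clean = {}
    for name, (pattern, max_len) in FIELDS.items():
        values = posted.get(name)
        if values is None or len(values) != 1:  # missing or repeated field
            raise ValueError(f"{name}: expected exactly one value")
        value = values[0]
        if len(value) > max_len or not pattern.fullmatch(value):
            raise ValueError(f"{name}: bad format or length")
        clean[name] = value
    clean["age"] = int(clean["age"])  # enforce the data type, not just the look
    return clean  # anything not in FIELDS (extra or "hidden" inputs) is dropped

def store(db, form):
    # Placeholders keep client values out of the SQL text entirely.
    db.execute("INSERT INTO comments (username, age, comment) VALUES (?, ?, ?)",
               (form["username"], form["age"], form["comment"]))

def render(db) -> str:
    # Escape on output so stored markup is displayed, never interpreted.
    rows = db.execute("SELECT username, comment FROM comments").fetchall()
    return "".join(f"<p><b>{html.escape(u)}</b>: {html.escape(c)}</p>"
                   for u, c in rows)

def demo() -> str:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (username TEXT, age INTEGER, comment TEXT)")
    # Constructed sample body: an extra tampered field, plus markup and a
    # single quote inside the comment.
    body = ("username=alice_1&age=30&is_admin=1"
            "&comment=%3Cscript%3Ex%3C%2Fscript%3E+it%27s")
    store(db, validate_post(body))
    return render(db)
```

The same checks belong in the browser only as a convenience for the user; the server-side copy shown here is the one that counts, because the client can change anything it sends.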