Saturday, 11 September 10

Category "Storage Tutorial"

Written by admin on Wednesday, 24 January 07, with no comments written on it yet

Semantic URL Attacks

Curiosity is the motivation behind many attacks, and semantic URL attacks are a perfect example. This type of attack involves the user modifying the URL in order to discover what interesting things can be done. For example, if the user chris clicks a link in your application and arrives at http://example.org/private.php?user=chris, it is reasonable to assume that he will try to see what happens when the value for user is changed. For example, he might visit http://example.org/private.php?user=...

Written by admin on Wednesday, 24 January 07, with no comments written on it yet

Forms and Data

When developing a typical PHP application, the bulk of your logic involves data processing: tasks such as determining whether a user has logged in successfully, adding items to a shopping cart, and processing a credit card transaction. Data can come from numerous sources, and as a security-conscious developer, you want to be able to easily and reliably distinguish between two distinct types of data: filtered data and tainted data. Anything that you create yourself is trustworthy and can be considere...

Written by admin on Wednesday, 24 January 07, with no comments written on it yet

Escape Output

Another cornerstone of web application security is the practice of escaping output: escaping or encoding special characters so that their original meaning is preserved. For example, O'Reilly is represented as O\'Reilly when being sent to a MySQL database. The backslash before the apostrophe is there to preserve it; the apostrophe is part of the data and not meant to be interpreted by the database. As with filtering input, when I refer to escaping output, I am really describing three diff...

Written by admin on Wednesday, 24 January 07, with no comments written on it yet

Filter Input

Filtering is one of the cornerstones of web application security. It is the process by which you prove the validity of data. By ensuring that all data is properly filtered on input, you can eliminate the risk that tainted (unfiltered) data is mistakenly trusted or misused in your application. The vast majority of security vulnerabilities in popular PHP applications can be traced to a failure to filter input. When I refer to filtering input, I am really describing three different steps: Identi...
