WebApp Sec mailing list archives

Re: SQL Injection

From: Frank Knobbe <frank () knobbe us>
Date: Mon, 28 Jun 2004 20:34:20 -0500

On Wed, 2004-06-16 at 08:08, Jeff Williams wrote:

Output validation is intended to protect against attempts to inject attacks
into the browser. The most important of these is cross-site scripting, which
is covered by the Top Ten A4, and HTML entity encoding is suggested there.


I understand the notion of "output validation" doesn't sound very sexy.
I also understand that it is considered included in the XSS section of
the OWASP guide. But I believe that a lot of folks underestimate or
overlook/neglect the area of validating output for safety and fitness of
date for displaying in a browser.

So I'd like to ask: What can be done to put more educational emphasis
and/or awareness to validation output? What are the thoughts of others
in this forum?

Cheers,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

Re: encryption over the web, (continued)
- - - Re: encryption over the web exon (Jun 17)
- Re: SQL Injection Steven M. Christey (Jun 11)
  - Re: SQL Injection Stephen de Vries (Jun 11)
    - Re: SQL Injection Rogan Dawes (Jun 14)
    - Re: SQL Injection David Cameron (Jun 16)
    - Re: SQL Injection Sverre H. Huseby (Jun 16)
    - Re: SQL Injection Alex Russell (Jun 17)
    - Re: SQL Injection Frank Knobbe (Jun 16)
    - Re: SQL Injection Jeff Williams (Jun 16)
    - Re: SQL Injection Frank Knobbe (Jun 16)
    - Re: SQL Injection Frank Knobbe (Jun 28)
    - RE: SQL Injection Mutallip Ablimit (Jun 29)
    - Re: SQL Injection gcb33 (Jun 29)
    - Re: SQL Injection Alex Russell (Jun 16)
- Re: SQL Injection Jeff Williams (Jun 14)
  - RE: SQL Injection Clement Dupuis (Jun 14)
- Re: SQL Injection Stephen de Vries (Jun 17)
  - Re: SQL Injection athena (Jun 17)
  - Re: SQL Injection Frank Knobbe (Jun 21)