WebApp Sec mailing list archives
Re: Canonicalization
From: Yann <cactux () gmail com>
Date: Wed, 12 Apr 2006 14:31:52 +0200
11 Apr 2006 13:12:29 -0000, susam_pal () yahoo co in <susam_pal () yahoo co in>:
> I found the following paragraph in owasp.org. Can someone please elaborate on this?
>
> Parameters must be converted to the simplest form before they are validated, otherwise, malicious input can be masked and it can slip past filters. The process of simplifying these encodings is called "canonicalization."

There is a (very short) article on Wikipedia, to begin with:
http://en.wikipedia.org/wiki/Canonicalization

There is an example, not directly related to security.

Yann

--
Yann Cochard : http://yanncochard.com/
Au Cactus Francophone : http://www.cactuspro.com/
Kaella, Knoppix Linux Azur : http://kaella.linux-azur.org/
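
The OWASP paragraph quoted in the question, shown as an added example that is not part of the original post or of OWASP's text: a filter applied to the raw parameter is compared with one applied after canonicalization. The file-name allowlist, the decode-round limit, the function names and the sample inputs are assumptions constructed for illustration.

```python
import re
import unicodedata
from urllib.parse import unquote

MAX_ROUNDS = 5  # assumption: input still changing after this many rounds is rejected
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]+")  # hypothetical allowlist for a file-name parameter


def naive_is_safe(raw: str) -> bool:
    """Flawed order: the filter inspects the raw parameter before any decoding."""
    return "../" not in raw and "<" not in raw


def canonicalize(raw: str) -> str:
    """Reduce a parameter to its simplest form.

    Each round percent-decodes (strict UTF-8, so overlong byte sequences
    raise) and applies NFKC, until the value stops changing.
    """
    value = raw
    for _ in range(MAX_ROUNDS):
        simpler = unicodedata.normalize("NFKC", unquote(value, errors="strict"))
        if simpler == value:
            return value
        value = simpler
    raise ValueError("too many encoding layers")


def validate(raw: str) -> bool:
    """Correct order: canonicalize first, then check the canonical form."""
    try:
        value = canonicalize(raw)
    except ValueError:  # includes UnicodeDecodeError from invalid UTF-8
        return False
    return SAFE_NAME.fullmatch(value) is not None and ".." not in value


# Constructed sample parameters: plain, single-encoded, double-encoded, fullwidth.
SAMPLES = [
    "report.pdf",
    "..%2Fsecret.txt",
    "%252e%252e%252fsecret.txt",
    "\uff0e\uff0e\uff0fsecret.txt",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:35} naive={naive_is_safe(s)} canonical-first={validate(s)}")
```

Every sample passes the raw-string filter, but only `report.pdf` passes once the check runs on the canonical form.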