to get the file

More documents

Recommendations

Info

More SQL injection examples More dangerous injection code: ''%'; EXEC master.dbo.xp_cmdshell "net user sqltest sqltest /add"--%„ 22
Injection – how to defend 1. Use a safe API which avoids the use of the interpreter entirely or provides a parameterized interface. (e.g. stored procedures) – even though these APIs are parameterized, but may still allow injection. 2. If a parameterized API is not available, you should carefully filter special characters using the specific escape syntax. Example of filtering code for user input validation String queryinput = request.getParameter(“DB_INPUT”); String newqueryinput; static Pattern escaper = Pattern.compile("([^a-zA-z0-9.])"); newqueryinput = escaper.matcher(queryinput).replaceAll("\\\\$1"); 23
Page 1 and 2: Chapter 7. Web Application Firewall
Page 3 and 4: Remind - term project Selected data
Page 5 and 6: Agenda • I. Notice for term proje
Page 7 and 8: Web application (2/2) ▣ web appli
Page 9 and 10: Why is web security important Netwo
Page 11 and 12: Is it easy to hack into web GET / H
Page 13 and 14: Basic web hacking technique • Dir
Page 15 and 16: OWASP top 10 • OWASP top 10 proje
Page 17 and 18: What‟s new in OWASP Top 10 (2010)
Page 19 and 20: OWASP Top 10 (2010) 19
Page 21: More SQL injection examples Query =
Page 25 and 26: More XSS example • url="http://14
Page 27 and 28: XSS - how to defend 1.Filter all un
Page 29 and 30: 2. Broken Access Control • Access
Page 31 and 32: 3. Broken Account and Session Manag
Page 33 and 34: 5. Buffer Overflows • Web applica
Page 35 and 36: 7. Error Handling Problems • Erro
Page 37: 8. Insecure Use of Cryptography •
Page 40 and 41: 10. Web and Application Server Misc
Page 42 and 43: Web Application Firewall • Why do
Page 44 and 45: WAF Protection models • WAF‟s m
Page 46 and 47: WAF - negative filtering model •
Page 48 and 49: WAF - Output Detection Model/Conten
Page 50 and 51: VA+WAF • Some commercial WAF prod
Page 52 and 53: Commercial WAF • art of defence -
Page 54 and 55: Agenda • I. Notice for term proje
Page 56 and 57: More practical recommendations •
Page 58 and 59: More practical recommendations •
Page 60: References • http://www.owasp.org

to get the file

Create successful ePaper yourself

Delete template?

Save as template?