Wednesday, October 21st, 2009
You’ve written a PHP based web app, and you’ve made sure it doesn’t cause errors if the user submits unexpected values via any URLs or forms. But there’s something you quite likely forgot to test: What if the data that’s expected to be a singular value happens to be ...
Posted in Programming | 11 Comments
Monday, September 7th, 2009
Today I'll share a fun story with you. Would you like to get free publicity? Go ahead and make a poor friendly URL implementation, like the Finnish Broadcasting Corporation, or YLE - the national broadcasting company of Finland - did.
YLE had a very naive friendly URL algorithm on their web ...
Posted in Web | 12 Comments
Friday, January 2nd, 2009
I've been working on a Java app which needed Rhino for scripting. The app would need to run untrusted JavaScript code from 3rd parties, so I had to find a way to block access to all Java methods, except the ones I wanted. This would not be a problem if ...
Posted in Programming | 10 Comments
Tuesday, September 25th, 2007
Originally posted in my old blog at My Opera
Cross-site scripting attacks, also known as XSS attacks, are a type of vulnerability found in some web sites.
For example, if your blog comment box allows users to write JavaScript snippets that aren't escaped in any way by the server and are run, ...
Posted in Programming, Web | 2 Comments