Wednesday, June 3, 2009

Most Dangerous Programming Errors

Insufficient Input Validation: "Software coding flaws emerge mainly from a lack of developers understanding one basic principle: Malicious users will not do what you expect them to do." Failure to validate input "is the No. 1 issue affecting Web-based applications and gives rise to attacks such as SQL injection."

Improper Encoding or Escaping of Output: This is a leading issue behind cross-site scripting (XSS) attacks. Web apps often lose track of user-supplied data, failing to properly encode the output to HTML when returned to the user. "This allows attackers to send malicious JavaScript to other users that will execute within their browsers."

Error Message Information Leakage: Web apps "give out way too much information when they encounter errors," allowing attackers to piece together a view of the overall system. In the worst case, "They can even use the error pages as the conduit to extract out customer data from databases."
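The three errors above share a single remedy pattern: validate what comes in, encode what goes out, and keep error detail on the server. The following is an added example written for this post, not code from the original; the sqlite3 in-memory table, the `NAME_RE` allow-list and the `handle_request` function are all constructed stand-ins for a real web handler.

```python
import html
import logging
import re
import sqlite3

NAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")  # allow-list for the `name` field

def make_db():
    # Constructed in-memory database standing in for a web app's backend.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return conn

def valid_name(name):
    # 1. Input validation: accept only what the field is defined to hold.
    return isinstance(name, str) and bool(NAME_RE.match(name))

def lookup_user(conn, name):
    # Parameterised query: the driver binds `name` as data, so quotes or
    # SQL keywords inside it can never alter the statement's structure.
    rows = conn.execute("SELECT email FROM users WHERE name = ?", (name,)).fetchall()
    return [r[0] for r in rows]

def render(name, emails):
    # 2. Output encoding: escape for the HTML context before echoing user data.
    body = "<p>Hello, %s</p>" % html.escape(name, quote=True)
    body += "".join("<p>%s</p>" % html.escape(e, quote=True) for e in emails)
    return body

def handle_request(conn, name):
    # Returns (status, html_body) the way a minimal web handler would.
    if not valid_name(name):
        return 400, "<p>Invalid user name.</p>"
    try:
        emails = lookup_user(conn, name)
    except sqlite3.Error:
        # 3. Error handling: full details go to the server log; the client
        # sees only a generic message (no stack trace, SQL or table names).
        logging.exception("lookup failed for %r", name)
        return 500, "<p>An internal error occurred.</p>"
    return 200, render(name, emails)

if __name__ == "__main__":
    db = make_db()
    print(handle_request(db, "alice"))
    print(handle_request(db, "<script>x</script>"))
```

Calling `lookup_user` with a name containing a quote character returns no rows rather than a SQL syntax error, which is the observable difference between binding parameters and concatenating strings.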
