Is what you get what you expect to get?

Philip Tellis (01.Mar.2012 at 08:30)
Talk at ConFoo 2012 (English - UK)

Rating: 0 of 5

Code injection into web apps is not a new phenomenon. It has been a constant on the web for even longer than IE6; it has been around since the very first .cgi scripts were chmod +x'ed, resulting in a chroot 0wn3d.

Code injection is mainly brought about by web programmers not making sure that the input received from users is what was expected.

This talk will concentrate mainly on XSS injection, but will also touch on SQLi and CSRF. We'll go over the kinds of programming mistakes that result in code injection, and how to change your mindset to prevent these issues.
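The abstract's core question, whether the input you got is the input you expected, comes down to two checks in practice: an allow-list on the input, and escaping for the output context. The following is an added example written for this page, not code from the talk or its slides; the `renderGreeting*` functions, the username rule and the sample inputs are all constructed here for illustration.

```javascript
// Added example (not from the talk): allow-list validation plus
// HTML escaping, shown as a vulnerable renderer beside a hardened one.

// Escape the five characters that change meaning in HTML text or in a
// double-quoted attribute value.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Allow-list check (constructed rule): a username is 1-32 characters of
// [A-Za-z0-9_]. Anything else is rejected outright rather than "cleaned".
const USERNAME_RE = /^[A-Za-z0-9_]{1,32}$/;
function isValidUsername(input) {
  return typeof input === 'string' && USERNAME_RE.test(input);
}

// Vulnerable: user input interpolated straight into HTML, so any markup
// the user supplies becomes part of the page (reflected XSS).
function renderGreetingUnsafe(username) {
  return `<p>Hello, ${username}!</p>`;
}

// Hardened: first confirm the input matches what we expect, then escape
// it for the HTML text context it is written into.
function renderGreetingSafe(username) {
  if (!isValidUsername(username)) {
    return '<p>Invalid username.</p>';
  }
  return `<p>Hello, ${escapeHtml(username)}!</p>`;
}

// Constructed sample inputs, as a request handler might receive them.
const SAMPLE_INPUTS = [
  'alice_42',                    // expected shape
  '<script>alert(1)</script>',   // markup where a name should be
  'bob" class="x',               // quote-breaking attempt
];

// Render each sample both ways so the difference is visible side by side.
function demo() {
  return SAMPLE_INPUTS.map((input) => ({
    input,
    unsafe: renderGreetingUnsafe(input),
    safe: renderGreetingSafe(input),
  }));
}

for (const row of demo()) {
  console.log(row);
}
```

Note that escaping alone is context-specific: `escapeHtml` is correct for HTML text and double-quoted attributes, but a value written into a JavaScript string, a URL or a SQL statement needs that context's own encoding or parameterisation. The allow-list is what makes the "expected input" question answerable at all; the escaping is what keeps a rejected-but-logged or legitimately odd value from being interpreted as code.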


Comments

Rating: 5 of 5

01.Mar.2012 at 20:38 by Anonymous

What does the slide #2 mean (IWYGWYETG)?

Apart from it, pretty nifty tricks on XSS which every form designer should be aware of!

I recently found someone who'd done zero validations on a production site form, and it had been like that for 5 months. Thankfully enough, probably hackers were dumb enough to realise that maybe XSS exploit checks were in place, and hence they didn't do anything nasty. Phew!

Speaker comment:

01.Mar.2012 at 21:59 by Philip Tellis (20 comments)

IWYGWYETG is the title of the post (Is What You Get What You Expect To Get)

© Joind.in 2014