Article Announcement: Penetration Testing for Web Applications (Part Two)
From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 07/06/03
Date: Sun, 6 Jul 2003 07:38:47 -0600 (MDT)
To: Focus-MS <focus-ms@securityfocus.com>
Penetration Testing for Web Applications (Part Two)
By Jody Melbourne and David Jorm (July 3, 2003)
The second installment in this series expands upon issues of input
validation - how developers routinely, through a lack of proper input
sanity and validity checking, expose their back-end systems to server-side
code-injection and SQL-injection attacks. It also explores the manner in
which these issues may manifest on the client-side as cross-site scripting
and other content-manipulation vulnerabilities.
http://www.securityfocus.com/infocus/1709
Marc Fossi
Symantec Corp.
www.symantec.com