Comments on: Prepare for Attack!—Making Your Web Applications More Secure

By: Description of different types of web attacks

Description of different types of web attacks — Wed, 04 Apr 2007 13:31:03 +0000

[...] of the three major attacks that happen that can be prevented through the code of your web site. Here is the link. Share and Enjoy: These icons link to social bookmarking sites where readers can share and [...]

By: making services » Prepare for Attack!—Making Your Web Applications More Secure

Mon, 02 Apr 2007 15:27:30 +0000

[...] Nicholas Confessore wrote an interesting post today onHere’s a quick excerptArm yourself and prepare for battle! This post is intended as a reminder about the possible security attacks your Web application may be vulnerable to. While it is not meant as a comprehensive guide to Web-application security, … [...]

By: mhinze.com » Blog Archive » links for 2007-02-03

mhinze.com » Blog Archive » links for 2007-02-03 — Mon, 19 Feb 2007 14:01:58 +0000

[...] Prepare for Attack!—Making Your Web Applications More Secure · Nadav Samet’s Blog (tags: security web) [...]

By: Making your web applications more secure:

Making your web applications more secure: — Sat, 17 Feb 2007 21:06:57 +0000

[...] Nadav Samet has written a simple article explaining various security attacks called Prepare for Attack!—Making Your Web Applications More Secure. [...]

By: thesamet

thesamet — Tue, 06 Feb 2007 15:09:59 +0000

Hi Frank, Thanks for your comment. Prevention of SQL injection and XSS attacks is straight forward. Never assume that data comes from the web is safe. Even if you think no one will discover a URL which is hidden somehow in your javascript code. User input such as comments or posts should be stripped of all < symbols. And if it is used in SQL statements then it is best to use sql string escaping function like mysql_escape_string in PHP.

XSRF attacks can be avoided by not giving sensitive data or allowing any action without making sure the user actually requested it. A prevention technique is described in the article.

By: Frank Nimphius

Frank Nimphius — Tue, 06 Feb 2007 14:43:08 +0000

Nice article. However your blog post is titled “Prepare for Attack!—Making Your Web Applications More Secure”. I don’t see your suggestions of how to prevent those attacks.

Frank

By: Trafikant - develop success » Blog Archive » JavaScript Security

Trafikant - develop success » Blog Archive » JavaScript Security — Mon, 05 Feb 2007 16:41:58 +0000

[...] understand XSS and get to know the most common vulnerabilities have a look at Nadavs site and the Prepare for Attack!—Making Your Web Applications More Secure article. And whats left to say? Never underestimate the risks of tabbed browsing and sessions spread around [...]

By: Ajax Journal

Ajax Journal — Sun, 04 Feb 2007 13:55:46 +0000

Rendez vos applications web plus sûres…

Nadav Samet publie sur son blog un article intéressant faisant un tour d’horizon des failles de sécurités classiques rencontrées dans les applications web…….

By: All in a days work…

All in a days work… — Sun, 04 Feb 2007 13:52:07 +0000

[...] Prepare for Attack!—Making Your Web Applications More Secure A possible solution is to add a hidden field that only your app can generate and validate, the app will process only if received a query argument with the value of a sha1 digest of a string that is composed of the user id and a secret word… (tags: Security SQL XSRF XSS Scriptaculous) [...]

By: Webmaster Libre » Archivo de » links for 2007-02-02

Webmaster Libre » Archivo de » links for 2007-02-02 — Sat, 03 Feb 2007 14:45:02 +0000

[...] Nadav Samet’s Blog » Blog Archive » Prepare for Attack!—Making Your Web Applications More Secu… (tags: security sqlinjection xsrf xss) [...]