Innocent Code: A Security Wake-Up Call for Web Programmers
Contents
1 The Basics | 1 |
2 Passing Data to Subsystems | 21 |
3 User Input | 57 |
4 The Cross-site Scripting Problem | 97 |
5 Web Trojans | 125 |
6 Passwords and Other Secrets | 135 |
7 Enemies of Secure Code | 163 |
8 Summary of Rules for Secure Coding | 177 |
Common terms and phrases
algorithm application ARP spoofing asymmetric encryption attacker attacker’s authentication backslash bank browser bugs bytes cache certificate characters client client-side client-side scripts command contain cookie create Cross-site Scripting cryptographic cryptographic hash function document encoding encryption error message example file name filtering function hashed passwords input validation insert instance Internet IP address Java JavaScript language log-in look malicious markup metacharacters Microsoft modify name and password null-byte output OWASP packet sniffing pass data password Perl possible PostgreSQL private key problem Protocol proxy public key query Referer header Rule secret Section sendmail server-generated input session hijacking session ID shell single quotes someone SQL Injection string constant subsystem target ticket trick typically Unfortunately Unicode Unix user name user’s username victim vulnerable web application web server whitelisting