advertisement
Login | Register   
Twitter
RSS Feed
Download our iPhone app
TODAY'S HEADLINES  |   ARTICLE ARCHIVE  |   FORUMS  |   TIP BANK
Browse DevX
Sign up for e-mail newsletters from DevX

Is the SMB Protocol an Open Door to Network Intruders?
Cybersecurity and the Art of Misdirection
The Problems with Encrypting Data in the Cloud
In the Cloud, Encryption in Motion + Encryption at Rest = Not Good Enough
The Biggest Cybersecurity Story of the Week

advertisement
advertisement
 

Five Tips for Thwarting Data Input Attacks Against Your Web App  : Page 4

The Web is a battleground where data input attacks are a real danger. Michael Howard illustrates how attackers can gain access to your Web apps and how best to stop them.


by Michael Howard
Jan 1, 2001
Page 4 of 6
advertisement
Tip 3—Beware of Quotes
Quotes can be difficult to handle because they can fool SQL strings. As I showed earlier, an attack can use quotes to create different SQL query logic and allow anyone to logon without a valid username and password. Another way to help mitigate quoting attacks is to escape the quote characters first. The following regular expression will double up all single and double quotes. This is perfectly valid SQL syntax, which can help make many attacks harder to execute: 
strPwd = strPwd.replace(/([\'\"])/g,"$1$1");
You could use this in place of the regular expression just added. Personally, I use both—defense in depth!
« Previous Page 123456 Next Page »
Comment and Contribute

 

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 
advertisement
Sitemap