Five Tips for Thwarting Data Input Attacks Against Your Web App: Page 6

The Web is a battleground where data input attacks are a real danger. Michael Howard illustrates how attackers can gain access to your Web apps and how best to stop them.
Tip 5—Disable Parent Paths
Make sure that ".." is not allowed in a filename. Disable parent paths with the following steps:
  1. Right-click the root of the Web site and choose Properties from the context menu.
  2. Click the Home Directory tab.
  3. Click Configuration.
  4. Click the App Options tab.
  5. Uncheck the Enable Parent Paths checkbox.
You can also disable parent paths from the command line:

cscript adsutil.vbs set w3svc/1/root/AspEnableParentPaths false

All Input Is Bad
To be truly prepared for data input attacks you have to adopt the mindset that all input is bad. Check for valid input instead of looking for invalid data, because attackers will quickly work around a list of forbidden patterns. Also learn regular expressions and use them wisely. Remember these rules and you will reduce the number of attack points for your Web application.
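The following is an added example, not code from the article, illustrating both Tip 5 and the "all input is bad" rule: a filename validator that accepts only an assumed allow-list pattern (a bare name of letters, digits, underscore or hyphen, with a .txt, .pdf or .csv extension), contrasted with a deny-list check for ".." and with an unanchored regular expression. The sample inputs are constructed for the demonstration.

```javascript
// Allow-list validation: describe exactly what a valid filename looks like
// and reject everything else. Because only a bare name is permitted, ".."
// and path separators never have to be enumerated. (Assumed policy.)
const SAFE_NAME = /^[A-Za-z0-9_-]{1,64}\.(txt|pdf|csv)$/;

function isValidFilename(name) {
  return typeof name === "string" && SAFE_NAME.test(name);
}

// Deny-list check: looks only for the literal "..". This is the approach
// the article warns against, because it enumerates bad input.
function denyListCheck(name) {
  return typeof name === "string" && !name.includes("..");
}

// Same character class as SAFE_NAME but without ^ and $: a regex "used
// unwisely", since it matches a safe-looking substring anywhere in the input.
const UNANCHORED = /[A-Za-z0-9_-]{1,64}\.(txt|pdf|csv)/;

function unanchoredCheck(name) {
  return typeof name === "string" && UNANCHORED.test(name);
}

// Constructed sample inputs: two legitimate names and several that a
// well-built validator must reject.
const SAMPLES = [
  "report.txt",
  "Q3_sales-2001.csv",
  "../global.asa",            // parent path, forward slash
  "..\\..\\global.asa",       // parent path, backslash
  "%2e%2e/global.asa",        // URL-encoded dots, decoded later by the server
  "notes.txt\0.jpg",          // embedded NUL, truncates in some C-based APIs
];

// Returns, for each sample, what each of the three checks decides.
function evaluate(samples = SAMPLES) {
  return samples.map((name) => ({
    name,
    allowList: isValidFilename(name),
    denyList: denyListCheck(name),
    unanchored: unanchoredCheck(name),
  }));
}

// Names that would reach the file system under each policy.
function acceptedBy(checkName, samples = SAMPLES) {
  return evaluate(samples).filter((r) => r[checkName]).map((r) => r.name);
}

console.table(evaluate());
```

Only the allow-list column accepts exactly the two legitimate names; the other two checks each let at least one of the constructed bad inputs through.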


Michael Howard is a program manager on the Windows 2000 security team. He is the author of Designing Secure Web-Based Applications for Microsoft Windows 2000 and has spoken about security-related issues at many events, including Microsoft Tech·Ed, Microsoft Professional Developer's Conferences, and numerous industry gatherings. He can be reached at mikehow@microsoft.com.