Category: OWASP 2010 A1
-
OWASP A1 – Injection
Finally, we reach a more glamorous class of vulnerability. Injection attacks can take many forms: SQL injection, XPath/XML/SOAP injection, LDAP injection, and command injection are just a few. This post covers some PHP countermeasures to the more common forms of injection, starting with SQL injection. SQL Injection Mitigations: The first step in preventing…
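The core PHP countermeasure for SQL injection is the parameterized query. The following is an added example, not code from the original post: it builds a throwaway SQLite database in memory through PDO (the table, rows and attacker input are constructed for the demo) and runs the same lookup twice, once with string concatenation and once with a bound parameter, so the difference is visible on one screen.

```php
<?php
// Added example, not from the original post. Uses an in-memory SQLite
// database via PDO so it runs without a database server; the users table,
// its rows and the attacker-controlled input are constructed for the demo.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)');
$pdo->exec("INSERT INTO users (username, role) VALUES ('alice', 'admin'), ('bob', 'user')");

// Simulated request parameter, e.g. what would arrive in $_GET['user'].
$input = "bob' OR '1'='1";

// Vulnerable: the value is spliced into the SQL text, so the single quote
// closes the string literal and the rest is parsed as SQL. With the input
// above the WHERE clause is always true and every user row comes back.
function lookupVulnerable(PDO $pdo, string $username): array
{
    $sql = "SELECT username, role FROM users WHERE username = '$username'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the SQL text is fixed at prepare time and the value travels as a
// bound parameter, so it is compared as data and never parsed as SQL. The
// same input now simply matches no username.
function lookupSafe(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT username, role FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

echo "vulnerable query returned " . count(lookupVulnerable($pdo, $input)) . " row(s)\n";
echo "parameterized query returned " . count(lookupSafe($pdo, $input)) . " row(s)\n";
```

Two practical caveats: with the MySQL driver, set `PDO::ATTR_EMULATE_PREPARES` to `false` so the driver sends real server-side prepared statements rather than client-side string substitution, and remember that parameters only cover values. Identifiers such as table or column names, and keywords such as `ASC`/`DESC`, cannot be bound and must be checked against an allow-list before being placed in the query text.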
-
OWASP A2 – Cross-Site Scripting (XSS) with PHP Part 4
This is a short post that expands on input validation controls. These routines are in addition to those found in the OWASP ASVS and should be used where possible to help mitigate the risk of any type of injection attack (XSS, SQLi, LDAPi, XMLi, command injection, etc.). There are two other major…
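Input validation of the kind the post describes is most effective as an allow-list: decide what a field is permitted to contain and reject everything else, rather than trying to strip known-bad characters. The block below is an added example, not code from the original post; the validator names and the sample inputs are constructed for illustration, and it needs PHP 8 for the `match` expression.

```php
<?php
// Added example, not from the original post. Allow-list validators for a few
// common request parameter types; the sample inputs below are constructed.

// Username: only letters, digits and underscore, 3 to 32 characters.
// \A and \z anchor to the absolute start and end so a trailing newline
// cannot slip past the check.
function validateUsername(string $v): bool
{
    return (bool) preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $v);
}

// Numeric identifier: digits only, bounded length. Returns the integer on
// success or null on failure so callers cannot accidentally use the raw string.
function validateId(string $v): ?int
{
    if (!preg_match('/\A[0-9]{1,18}\z/', $v)) {
        return null;
    }
    return (int) $v;
}

// Email: PHP's built-in syntax filter plus an upper length bound.
function validateEmail(string $v): bool
{
    return filter_var($v, FILTER_VALIDATE_EMAIL) !== false && strlen($v) <= 254;
}

// Enumerated value (e.g. a sort column that will be spliced into SQL where a
// bound parameter cannot be used): membership in a fixed list, compared
// strictly so PHP type juggling cannot widen the match.
function validateChoice(string $v, array $allowed): bool
{
    return in_array($v, $allowed, true);
}

// Constructed sample inputs, mixing benign values with injection attempts.
$samples = [
    ['username', 'bob_2024'],
    ['username', "bob' OR '1'='1"],
    ['id',       '42'],
    ['id',       '42; DROP TABLE users'],
    ['email',    'alice@example.com'],
    ['email',    'alice@example.com<script>'],
    ['sort',     'name'],
    ['sort',     'name;--'],
];

foreach ($samples as [$field, $value]) {
    $ok = match ($field) {
        'username' => validateUsername($value),
        'id'       => validateId($value) !== null,
        'email'    => validateEmail($value),
        'sort'     => validateChoice($value, ['name', 'created']),
    };
    printf("%-9s %-28s %s\n", $field, $value, $ok ? 'accepted' : 'rejected');
}
```

Validation of this sort is a defence-in-depth layer: it shrinks the attack surface and catches malformed data early, but it does not replace parameterized queries for SQL or context-aware output encoding for XSS, since a value that is valid for one context (an apostrophe in a surname, say) can still be dangerous in another.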