Re: [PhillyOnRails] ModSecurity / PHPIDS
haha yeah i'm also thinking out loud. been real interested in security of late and just got back from usenix so now i'm paranoid.
i'll look around a little more and report back :-)
On 6/27/07, Mat Schaffer <schapht@gmail.com> wrote:
On Jun 26, 2007, at 5:13 PM, Keith Fitzgerald wrote:
> regarding pre-deployment security, i imagine it would be pretty
> easy to check for common cases that *could* lead to xss exploits.
> i.e. many applications simply just trust user input and do not
> validate.
>
> or for example, rails by default allows GET as well as POST
> submissions. an easy test would be to check GET requests are
> blocked in form action. unless this is no longer default behavior?

I could see this being implemented as warnings during functional or integration testing. Perhaps with some sort of meta-programming to bring requirement down to one statement? Just thinking out loud here, really.

-Mat
_______________________________________________
To unsubscribe or change your settings, visit:
http://lists.phillyonrails.org/mailman/listinfo/talk