Keith Fitzgerald on 27 Jun 2007 13:24:42 -0000

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PhillyOnRails] ModSecurity / PHPIDS

haha yeah i'm also thinking out loud. been real interested in security of late and just got back from usenix so now i'm paranoid.

ill look around a little more and report back :-)

On 6/27/07, Mat Schaffer <> wrote:
On Jun 26, 2007, at 5:13 PM, Keith Fitzgerald wrote:
> regarding pre-deployment security, i imagine it would be pretty
> easy to check for common cases that *could* lead to xss exploits.
> i.e. many applications simply just trust user input and do not
> validate.
> or for example, rails by default allows GET as well as POST
> submissions. an easy test would be to check GET requests are
> blocked in form action. unless this is no longer default behavior?

I could see this being implemented as warnings during functional or
integration testing.  Perhaps with some sort of meta-programming to
bring requirement down to one statement?  Just thinking out loud
here, really.
To unsubscribe or change your settings, visit:

To unsubscribe or change your settings, visit: