Reddit reviews Gray Hat Hacking : The Ethical Hacker's Handbook
We found 2 Reddit comments about Gray Hat Hacking : The Ethical Hacker's Handbook. Here are the top ones, ranked by their Reddit score.
Sanitize all the inputs! I wasn't a coder so I had no idea how sanitization works, or whether all XSS can be stopped.
I once did an XSS exercise on an app where I just went through the XSS Cheat Sheet.
At first I did regular JavaScript. It was fixed. Then I did some hex-encoded JavaScript. Then finally... to prove a point I did some Unicode JavaScript. Simply sanitizing for each type of XSS encoding trick isn't enough.
\u003CXSS\u00A0STYLE\u003Dalert\u0028\u0022XSS\u0022\u0029\u003E
The above line gets decoded as this:
<XSS STYLE=alert("XSS")>
Nice Unicode conversion app.
http://rishida.net/tools/conversion/
---------------------------------------------
http://coding.smashingmagazine.com/2011/01/11/keeping-web-users-safe-by-sanitizing-input-data/
Prepared Statements:
http://stackoverflow.com/questions/687787/how-should-i-sanitize-database-input-in-java
Check out Grey Hat Hacker, the bit about client side browser stuff is cool.
Also: http://seclists.org/
Then there's always this: http://docs.oracle.com/javaee/5/tutorial/doc/bnbyk.html
Edit: formatting and stuff.
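The point the comment makes is that a blocklist applied to the raw request (before the application decodes it) cannot see an escaped payload, whereas encoding the value for the HTML context at output time neutralises it no matter how it was encoded on the way in. The following is an added example illustrating that, not code from the Reddit thread or the book. It assumes a consumer that decodes `\uXXXX` sequences (as a JSON or JavaScript string literal would), and the sample input is the escaped line quoted in the comment, constructed here as a literal.

```javascript
// Added example (not from the Reddit comment or the book): a filter that
// strips tag-like text from the raw input misses a \u-escaped payload that
// is decoded later, while HTML-context output encoding neutralises it.

// Constructed sample input: the escaped payload quoted in the comment, as it
// would arrive in a request parameter (literal backslash-u sequences).
const ESCAPED_INPUT =
  "\\u003CXSS\\u00A0STYLE\\u003Dalert\\u0028\\u0022XSS\\u0022\\u0029\\u003E";

// Decodes \uXXXX sequences the way a JS/JSON-context consumer would (assumed
// downstream step), so we can see what the browser finally receives.
function decodeUnicodeEscapes(s) {
  return s.replace(/\\u([0-9a-fA-F]{4})/g, (_, hex) =>
    String.fromCharCode(parseInt(hex, 16)));
}

// Naive "sanitizer": strip anything that looks like a tag from the raw input.
// This is the per-encoding blocklist approach the comment calls insufficient.
function naiveStripTags(s) {
  return s.replace(/<[^>]*>/g, "");
}

// Defensive approach: encode the value for the HTML text context at output.
function htmlEncode(s) {
  const map = {
    "&": "&amp;", "<": "&lt;", ">": "&gt;",
    '"': "&quot;", "'": "&#x27;", "/": "&#x2F;",
  };
  return s.replace(/[&<>"'/]/g, (c) => map[c]);
}

// Would the HTML parser treat the final string as containing a real tag?
function containsRawTag(s) {
  return /<[a-zA-Z]/.test(s);
}

// Pipeline 1: blocklist the raw input, then decode it downstream.
function naivePipeline(input) {
  return decodeUnicodeEscapes(naiveStripTags(input));
}

// Pipeline 2: decode to canonical form first, then encode for the HTML context.
function hardenedPipeline(input) {
  return htmlEncode(decodeUnicodeEscapes(input));
}

console.log("decoded  :", decodeUnicodeEscapes(ESCAPED_INPUT));
console.log("naive    :", naivePipeline(ESCAPED_INPUT),
            "-> tag survives:", containsRawTag(naivePipeline(ESCAPED_INPUT)));
console.log("hardened :", hardenedPipeline(ESCAPED_INPUT),
            "-> tag survives:", containsRawTag(hardenedPipeline(ESCAPED_INPUT)));
```

The naive pipeline never sees a `<` in the raw input, so its regex matches nothing and the tag appears only after decoding; the hardened pipeline canonicalises first and then encodes for the context the value is rendered in, which is the general rule (decode once, encode for the output context) rather than a list of encodings to chase.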
start here, continue here, report back in two months.