The Open Web Application Security Project has released two cheatsheets aimed at helping development teams thwart XSS and SQL injection attacks.
XSS: http://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
SQL Injection: http://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
The cheatsheets explain how proper output encoding goes a long way toward mitigating these types of attacks. SQL injection is up to about 30% of all malicious attacks on web applications, so any protection against these attacks will be worth it to your project.