Entries from May 2007
Controller User Input Validation
May 29th, 2007 · No Comments
One of the most important security activities for a web application, according to the OWASP Top Ten security flaws, is to validate all user input. When validating, it is important to use a whitelist rather than a blacklist approach. That means you should check whether the input has the correct format or includes the allowed […]
Tags: XSS and Rails
to_json Cross Site Scripting security issue (XSS)
May 25th, 2007 · 1 Comment
Bart t. B. brought the following to_json security issue to my attention; the Rails Trac ticket at http://dev.rubyonrails.org/ticket/8371 has more on it:
to_json is used almost exclusively for injecting object hashes into JavaScript.
var client = <%= client.to_json %>;
Because to_json does not escape its values, it is easy to construct a Cross Site Scripting exploit. If client […]
Tags: XSS and Rails
SQL Injection
May 19th, 2007 · 8 Comments
SQL injection attacks aim at injecting database queries by manipulating web application parameters. Almost all SQL injection attacks are immediately reflected, which means a malicious parameter travels from the client to the server, is concatenated into a SQL query, is sent to the database server, and the result is returned to the client. […]
Tags: Rails
XSS Countermeasures
May 5th, 2007 · 3 Comments
It is very important to filter malicious input, but when it comes to user agent injection, it is also important that the output does not contain executable code. I will introduce input filters afterwards. In general, an input filter checks that the user input is of a specific format, and if not, rejects it with an error […]
Tags: XSS and Rails
Defeating input filters for injection
May 4th, 2007 · 1 Comment
Malicious input in URLs in particular will look suspicious to someone who has heard of these attacks, or at least to a security scanner. So an attacker will try to hide suspicious parts from the victim or the security scanner. For a human being this can be as easy as displaying a tidy link as an image, but […]
Tags: XSS and Rails
DOM Injection Attacks
May 4th, 2007 · 2 Comments
Besides the classic Cross-Site Scripting, where the payload moves to the server and back, there is another form of user agent injection attack which does not depend on the payload being embedded in the response, but rather on the payload being in the Document Object Model (DOM). The DOM is the standard object model in browsers […]
Tags: XSS and Rails
Cross-Site Scripting (User Agent Injection) Attack Methods
May 1st, 2007 · 1 Comment
User Agent Injection attacks are those in which malicious, client-side executable code is injected, which means malformed request parameters are passed to the web application. The input is then processed by the server and stored on the web server, to be returned to a victim at a later time or to the attacker to take […]
Tags: XSS and Rails