Web interface escaping and security

    Hello all,

    I think this question was asked recently. We are discovering that user input in the web interface is rarely checked or escaped for the relevant media (JS values, HTML content, element attribute values, URL parameters, etc.), and some pen-testers are showing holes (after successful login) and demonstrating sleep injections.

    I could give these examples, but that would be irrelevant. Looking at the way the majority of the pages are written and handle POST and GET data, I believe that there are many more pages where injected values could pass through.

    What is being done about this issue? I myself have a good idea what to do about it, but the workload of my own in-mind idea is enormous, and I would like to see if there are already existing discussions on this matter. Are there other developers looking at this?

    Florian Mertens
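
The output contexts listed in the post each need a different encoder, and the sleep injections call for bound query parameters rather than escaping. This is an added example, not part of the original post or the project's code; Python, the function names, the `users` table and the sample input are assumptions made for illustration.

```python
import html
import json
import sqlite3
from urllib.parse import quote

def for_html_text(value):
    """HTML element content: neutralise <, > and &."""
    return html.escape(value, quote=False)

def for_html_attr(value):
    """Quoted attribute value: also escape double and single quotes."""
    return html.escape(value, quote=True)

def for_js_value(value):
    """String literal inside a <script> block: JSON-encode, then hide
    characters that could close the script element or start markup."""
    out = json.dumps(value)
    for ch, esc in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026")):
        out = out.replace(ch, esc)
    return out

def for_url_param(value):
    """Single query-string value: percent-encode every reserved character."""
    return quote(value, safe="")

def find_user(conn, name):
    """Bound parameter: the input is data, never part of the SQL text,
    so injected SQL (including time-delay payloads) is not executed."""
    return conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()

def demo_db():
    """In-memory database with one constructed row (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice')")
    return conn

# Constructed sample input, not taken from any pen-test report.
SAMPLE = '"><script>alert(1)</script>&x=\'y'

if __name__ == "__main__":
    for fn in (for_html_text, for_html_attr, for_js_value, for_url_param):
        print(fn.__name__, "->", fn(SAMPLE))
    print(find_user(demo_db(), "alice' OR '1'='1"))
```

The same input produces four different encodings, which is why a single global "sanitize" function applied at input time does not cover every page.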