I am beginning what appears to be the daunting task of securing all of my code from injections, XSS, etc. I have been reading about some of it and it is a bit overwhelming. I just wanted to come here and ask for experts' advice on the main things I …

You may be wondering what a superfecta actually is, and the answer is: the most dangerous and serious threat to business. To clarify, the superfecta as defined by secure cloud hosting outfit FireHost is a group of four attack vectors that comprises Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), …

Hello, how can we bypass a filter that checks "<>" in order to perform an XSS attack? Thanks in advance, Begueradj
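Added example, not from the thread: a filter that only rejects `<` and `>` is bypassed whenever the value is reflected somewhere other than between tags. The Python below (function and payload names are my own) shows the attribute context: the constructed payload contains no angle brackets, passes the filter, and still becomes an `onfocus` handler when the value is dropped into `value="..."` unencoded, while `html.escape(..., quote=True)` keeps it inside the attribute. A `javascript:` URL in an `href` or `src` is the other angle-bracket-free case, and there encoding does not help; the URL scheme itself has to be checked.

```python
import html
from html.parser import HTMLParser


def angle_bracket_filter(value):
    """The filter from the question: accept the value only if it has no < or >."""
    return "<" not in value and ">" not in value


def render_unsafe(value):
    # Reflected into an attribute without encoding: the filter never sees a tag,
    # but the quote inside the value ends the attribute and starts new ones.
    return f'<input name="q" value="{value}">'


def render_safe(value):
    # Context-aware fix: html.escape(quote=True) encodes " and ' as well as <, > and &,
    # so the value can no longer leave the attribute it was placed in.
    return f'<input name="q" value="{html.escape(value, quote=True)}">'


class FirstTagAttrs(HTMLParser):
    """Collects the attributes a browser would assign to the first tag it parses."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if self.attrs is None:
            self.attrs = dict(attrs)   # attribute values arrive already entity-decoded


def browser_view(markup):
    """Return the attribute dict the HTML parser builds for the first tag in markup."""
    p = FirstTagAttrs()
    p.feed(markup)
    p.close()
    return p.attrs or {}


# Constructed payload: no angle brackets at all, so the filter lets it through.
PAYLOAD = '" autofocus onfocus="alert(1)'

if __name__ == "__main__":
    assert angle_bracket_filter(PAYLOAD)
    # Unencoded: the browser sees an autofocus input with an onfocus handler.
    print(render_unsafe(PAYLOAD), browser_view(render_unsafe(PAYLOAD)))
    # Encoded: the whole payload is just the value attribute's text.
    print(render_safe(PAYLOAD), browser_view(render_safe(PAYLOAD)))
```

The parser-based check is the point of the example: what matters is not whether a string "looks like" a tag but what attributes the browser ends up with, and that depends on the context the value is written into.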

I am working towards the goal of a social site, however, being a beginner, I have many questions I need to answer before getting anywhere! One of these is in regards to embeddable scripts/web apps/widgets. I would like to allow the users of the site to upload web …

How can I prevent an XSS attack but allow users to post iframes and imgs? My page is PHP based, but I allow users to submit text and have allowed only iframes and imgs with strip_tag. How do I prevent a user from launching an XSS attack?

# This is for Laravel 3.* # ## Hello, ## With this snippet I'm providing a simple way to automatically filter `Input::get()` and `Input::old()`. To achieve this result we need to make a few changes: * extend the Input and Redirect classes by creating new files in `application/libraries/`; the files are: **input.php** and **redirect.php**; …

Hi. I was wondering if somebody could help me. I'm looking for a PHP function to check GET and POST methods for any type of hack or injection, i.e. XSS, PHP, Java, HTML, MySQL injection. The function needs to check the GET or POST methods prior to using it …

Hello, I was reading web security stuff and found that users can inject malicious code, mostly JS, in forms. Now, what about CKFinder/TinyMCE et al.? They obviously produce HTML and any stripping will destroy the article formatting. Bad enough that they have a "code mode" where the user can enter HTML directly. …
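Added example, serving both the iframe/img question above and the CKFinder/TinyMCE one: `strip_tags` with an allowlist leaves `<iframe onload=...>` and `<img onerror=...>` intact, because it filters tags, not attributes or URLs, and stripping everything destroys editor output. The alternative is a parser-based allowlist sanitizer that rebuilds the fragment from scratch. The Python below is my own code, not from either thread or from any library; the tag and attribute allowlists, the embed host list `IFRAME_HOSTS` and all names are assumptions chosen for illustration. It keeps a small set of formatting tags so editor output survives, requires `http(s)` URLs on `href`/`src`, restricts iframe sources by hostname, and discards script/style bodies and comments.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Allowlist: tag -> attributes that may survive. Every other tag is dropped, but
# the text inside a dropped tag is kept (escaped), as strip_tags would keep it.
ALLOWED = {
    "p": set(), "br": set(), "b": set(), "i": set(), "em": set(), "strong": set(),
    "ul": set(), "ol": set(), "li": set(),
    "a": {"href", "title"},
    "img": {"src", "alt", "width", "height"},
    "iframe": {"src", "width", "height"},
}
VOID = {"img", "br"}                                   # tags with no end tag
URL_ATTRS = {"href", "src"}                            # must be real http(s) URLs
IFRAME_HOSTS = {"www.youtube.com", "player.vimeo.com"} # constructed embed allowlist
RAW_TEXT = {"script", "style"}                         # bodies never rendered, not even as text


def safe_url(tag, value):
    """Return the URL if it is http(s) (and an allowlisted host for iframes), else None."""
    if value is None:
        return None
    # Browsers ignore tabs/newlines inside a scheme ("java\tscript:"), so drop
    # whitespace and control characters before parsing.
    cleaned = "".join(ch for ch in value if ch > " " and ch != "\x7f")
    parts = urlsplit(cleaned)
    if parts.scheme not in ("http", "https"):
        return None   # rejects javascript:, data:, vbscript: and scheme-less URLs
    if tag == "iframe" and parts.hostname not in IFRAME_HOSTS:
        return None   # hostname, not netloc: "https://www.youtube.com@evil.example/" fails
    return cleaned


class AllowlistSanitizer(HTMLParser):
    """Re-serialises the input, emitting only allowlisted tags and attributes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open = []    # allowed tags we emitted and still owe an end tag for
        self.skip = None  # tag whose body is currently being discarded

    def handle_starttag(self, tag, attrs):
        if self.skip:
            return
        if tag in RAW_TEXT:
            self.skip = tag
            return
        if tag not in ALLOWED:
            return        # tag dropped; its text still arrives via handle_data
        kept = []
        for name, value in attrs:
            if name not in ALLOWED[tag]:
                continue  # drops onerror=, onload=, style=, srcdoc=, ...
            if name in URL_ATTRS:
                value = safe_url(tag, value)
                if value is None:
                    return  # a link or embed with an unacceptable URL is dropped whole
            kept.append((name, value or ""))
        if tag in ("a", "img", "iframe") and not any(n in URL_ATTRS for n, _ in kept):
            return        # <a>/<img>/<iframe> without a URL serves no purpose
        rendered = "".join(f' {n}="{html.escape(v, quote=True)}"' for n, v in kept)
        if tag == "iframe":
            self.out.append(f"<iframe{rendered}></iframe>")
            self.skip = "iframe"   # user-supplied content between the tags is discarded
        elif tag in VOID:
            self.out.append(f"<{tag}{rendered}>")
        else:
            self.out.append(f"<{tag}{rendered}>")
            self.open.append(tag)

    def handle_startendtag(self, tag, attrs):
        if self.skip:
            return
        self.handle_starttag(tag, attrs)
        if self.skip:              # "<iframe/>" or "<script/>": no body to discard
            self.skip = None
        elif tag not in VOID:
            self.handle_endtag(tag)

    def handle_endtag(self, tag):
        if self.skip:
            if self.skip == tag:
                self.skip = None
            return
        if tag in self.open:       # close back to the matching tag; never emit a stray closer
            while True:
                t = self.open.pop()
                self.out.append(f"</{t}>")
                if t == tag:
                    break

    def handle_data(self, data):
        if not self.skip:
            self.out.append(html.escape(data, quote=False))

    def handle_comment(self, data):
        pass                       # comments, including conditional-comment tricks, are dropped

    def result(self):
        while self.open:           # close anything the author left open
            self.out.append(f"</{self.open.pop()}>")
        return "".join(self.out)


def sanitize(fragment):
    p = AllowlistSanitizer()
    p.feed(fragment)
    p.close()
    return p.result()


if __name__ == "__main__":
    for sample in ('<img src=x onerror=alert(1)>',
                   '<iframe src="https://www.youtube.com/embed/abc" onload="alert(1)">x</iframe>',
                   '<p>Hi <b>there</b> &amp; <a href="javascript:alert(1)">click</a></p>'):
        print(repr(sample), "->", repr(sanitize(sample)))
```

The two design points worth copying are that output is rebuilt rather than filtered (nothing passes through that the code did not explicitly emit) and that URL attributes are validated by parsed scheme and hostname, not by string matching. Relative URLs are rejected here for simplicity; a site that serves its own images would resolve them against a fixed base instead.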

Hi all, this is my first time posting in this forum (disclaimer: please let me know if this is not the right place to post this). I'm turning to the Linux server discussion gurus for some sage advice :) I have a VPS web server running CentOS with Apache and …

Hello folks, in short, this code is vulnerable:
[CODE]
<div class="search">
  <form action="/search" method="get" name="header_search">
    <label>{l t='Search Business'}
      <input name="searchtext" type="text" id="searchtext" placeholder="{l t='e.g.Marriott'}" />
    </label>
    <label>{l t='City'}
      <input name="cityname" type="text" id="Hsearchcity" autocomplete="off" placeholder="{l t='All Cities'}" class="commentColor cityname"/>
    </label>
    <a onclick="header_search.submit()" href="javascript:void(0)">{l t='Search'}</a>
  </form>
</div>
[/CODE]
I have been trying to implement …

Sandro Gauci, founder of [URL="http://enablesecurity.com"]EnableSecurity[/URL], has revealed that six years on from his 2002 report into extended HTML form attacks the problem has simply refused to go away. The original report included details of how attackers could abuse non-HTTP protocols in order to launch Cross Site Scripting attacks, even in …


