
Common language specific pitfalls

From NetSec

PHP specific pitfalls

Remote and local file inclusion

Situationally bad sanitizing

addslashes()

htmlspecialchars()

mysql_real_escape_string()

Perl specific pitfalls

Command injection with open()

Python specific pitfalls

urllib opens and follows file:// URLs given in Location response headers

Ruby (eRuby and Rails) specific pitfalls

attr_protected

CGI.escapeHTML()