
Difference between revisions of "Common language specific pitfalls"

From NetSec
(Created page with "Common language-specific pitfalls: PHP specific pitfalls: File inclusion by remote and local Situationally bad sanitizing: addslashes() htmlspecialchars() ...")
 
 
Line 1: Line 1:
Common language-specific pitfalls:
+
=PHP specific pitfalls=
  PHP specific pitfalls:
+
==File inclusion by remote and local ==
    File inclusion by remote and local  
+
==Situationally bad sanitizing==
    Situationally bad sanitizing:
+
===addslashes()===
    addslashes()
+
===htmlspecialchars()===
    htmlspecialchars()
+
===mysql_real_escape_string()===
    mysql_real_escape_string()
+
=Perl specific pitfalls=
  Perl specific pitfalls:
+
===Command injection with open()===
    Command injection with open()    
+
=Python specific pitfalls=
  Python specific pitfalls:
+
==Urllib opens/follows file:// resource location response headers  (Python)==
    Urllib opens/follows file:// resource location response headers  (Python)
+
=Ruby (eruby and rails) specific pitfalls=
  Ruby (eruby and rails) specific pitfalls:
+
==attr_protected==
    attr_protected
+
==CGI.EscapeHTML()==
    CGI.EscapeHTML()
+
  
 
[[Category:Secure programming]]
 
[[Category:Secure programming]]
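Review bot: every section this revision creates is left empty; the text under each new heading (for example the line `addslashes()` under `===addslashes()===`) is just the heading name carried over from the original plain-text outline, so no section states what the pitfall is or how to avoid it. The heading levels are also inconsistent: `===Command injection with open()===` sits directly under the level-1 `=Perl specific pitfalls=` with no level-2 heading in between, while the equivalent Python and Ruby entries use `==...==`, and `==File inclusion by remote and local ==` carries a trailing space inside the markup. Suggest `==Command injection with open()==` and `==File inclusion by remote and local==`, and at least one sentence per section describing the pitfall and its mitigation.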

Latest revision as of 01:44, 12 May 2013

=PHP specific pitfalls=

==File inclusion by remote and local==

==Situationally bad sanitizing==

===addslashes()===

===htmlspecialchars()===

===mysql_real_escape_string()===

=Perl specific pitfalls=

===Command injection with open()===

=Python specific pitfalls=

==Urllib opens/follows file:// resource location response headers (Python)==

=Ruby (eruby and rails) specific pitfalls=

==attr_protected==

==CGI.EscapeHTML()==