Questions about this topic? Sign up to ask in the talk tab.

Common language specific pitfalls

From NetSec
Revision as of 01:44, 12 May 2013 by JtRIPper (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

PHP specific pitfalls

File inclusion by remote and local

Situationally bad sanitizing

addslashes()

htmlspecialchars()

mysql_real_escape_string()

Perl specific pitfalls

Command injection with open()

Python specific pitfalls

Urllib opens/follows file:// resource location response headers (Python)

Ruby (eruby and rails) specific pitfalls

attr_protected

CGI.EscapeHTML()