Detection of SQL Injection and Cross-site Scripting Attacks - The Diigo Meta page

• 12 Feb 09
  

  Mats Svensson

  From Internet Explorer New links

• 08 Jul 08
  

  cnaunton

  Programming Security

• 11 Sep 07
  

  Raghu Rajagopalan

  security_testing xss

  • f a site is vulnerable to CSS. These attempts can be trivially detected. However, the advanced attacker may attempt to camouflage the entire string by entering its Hex equivalents. So the <script> tag would appear as %3C%73%63%72%69%70%74%3E. On the other hand, the attacker may actually use a Web Application Proxy like Achilles and reverse the browser's automatic conversion of special characters such as < to %3C and > to %3E. So the attack URL will contain the angled brackets instead of their hex equivalents as would otherwise normally occur.
    

    
    The following regular expression checks for attacks that may contain HTML opening tags and closing tags <> with any text inside. It will catch attempts to use <b> or <u

• 15 Jan 07
  

  Tobi B

  sql security tipps Development furl

• 20 Sep 06
  

  Sander van Zoest

  discusses techniques to detect SQL Injection and Cross Site Scripting (CSS) attacks against your networks.

  sql injection web development security detection regex ids snort pcre

• 07 Aug 06
  

  Richard

  exploits infosec pentest sqlinjection

• 29 Sep 04
  

  Nico

  Imported Bookmarks

Would you like to comment?

Join Diigo for a free account, or sign in if you are already a member.