[Security] The security craftsman - Part 10

April 22, 2009 - 17:28 CEST "That does not mean, however, that blocking < and > when ouputting user data in javascript isn't necessary", David said.
[...]

0 comment(s) | Permalink | | This entry has been viewed 2023 time(s).

[Security] The security craftsman - Part 9

March 10, 2009 - 20:02 CET David grabbed the keyboard and jotted down two new examples.
[...]

0 comment(s) | Permalink | | This entry has been viewed 1570 time(s).

[Security] The security craftsman - Part 8

March 10, 2009 - 19:36 CET When I came into the office the next day, I immediately started rewriting the application to use prepared statements. An hour later I was done, and called Mr. X to go through it. By lunch time we had co-written the documentation, and code and documentation was sent over to the customer.
[...]

0 comment(s) | Permalink | | This entry has been viewed 1242 time(s).

[1 - 3]

About Erlend

I'm a senior consultant at Bekk Consulting AS. This blog is about software development, with a special focus on security.

Follow me on twitter

31.08	[Security] Rails 3.0 and XSS-protection
6.07	[Security] Avoiding NoSQL-injection with MongoDB
27.06	[Security] NOSQL-injection
7.06	[.NET] Microsoft Pex - exploratory testing
18.05	[Security] Security podcasts