Thoughts on awareness of security vulnerabilities & full disclosure
- 322 words
- 2 minutes
- .NET
- security
- 1 response
HTML, SQL and XSS injection vulnerabilities aren't new, but they are still largely ignored by developers.
My first encounter with these issues was in 1999 whilst writing an extranet e-commerce web site. Back then the ASP fix consisted of Server.HtmlEncode for all output and a Replace("'", """") for strings heading to SQL (other types headed there via CInt/CLong/CDate, and I wasn't aware of parametrized queries).
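As an added example (not from the original post), here is the SQL side of that 1999-style fix beside a parameterized query, using Python's sqlite3 against a constructed in-memory table: quote doubling covers string fields, the CInt-style coercion covers numeric ones, and a parameter covers both without building SQL text from input.

```python
import sqlite3


def make_db():
    # Constructed sample data standing in for an extranet's order table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, customer TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "o'reilly")])
    return db


def escape_1999(s: str) -> str:
    # The old string fix: double every single quote, as VBScript Replace would.
    return s.replace("'", "''")


def find_by_customer_concat(db, customer: str):
    # String field built by concatenation; quote doubling keeps the literal intact.
    sql = "SELECT id FROM orders WHERE customer = '" + escape_1999(customer) + "'"
    return [row[0] for row in db.execute(sql)]


def find_by_id_concat(db, order_id: str):
    # Numeric field concatenated with no coercion: there is no quote to escape,
    # so anything in the input becomes part of the SQL text.
    sql = "SELECT id FROM orders WHERE id = " + order_id
    return [row[0] for row in db.execute(sql)]


def find_by_id_coerced(db, order_id: str):
    # The CInt equivalent: int() raises ValueError on anything that is not a number,
    # so only a bare integer can ever reach the SQL text.
    sql = "SELECT id FROM orders WHERE id = " + str(int(order_id))
    return [row[0] for row in db.execute(sql)]


def find_by_id_param(db, order_id):
    # Parameterized query: the value is bound by the driver and never parsed as SQL.
    sql = "SELECT id FROM orders WHERE id = ?"
    return [row[0] for row in db.execute(sql, (order_id,))]
```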