Input Validation

Web servers are just like any other software applications; they can only carry out the functionality their instructions dictate. They are designed to process requests via a certain protocol. When a person interacts with their web browser and types in a request for http://www.logicalsecurity.com/index.htm, they are using a protocol called Hypertext Transfer Protocol (HTTP) to request the file “index.htm” from the server “www” in the “logicalsecurity.com” namespace. A request in this form is called a Uniform Resource Locator (URL). Like many situations in our digital world, there is more than one way to request something because computers speak several different “languages”—such as binary, hexadecimal, and many encoding mechanisms—each ...
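Because one resource can be requested in more than one encoding, a validation check has to run on the decoded, canonical form of the request rather than on the raw string. The following is an added example, not code from the book; the allowlist, the function names and the sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed allowlist for this example: the only path the server will serve.
ALLOWED_PATHS = {"/index.htm"}

# A percent-escape that survives one round of decoding means layered encoding.
_STILL_ENCODED = re.compile(r"%[0-9A-Fa-f]{2}")


class RejectedRequest(ValueError):
    """Raised when a request cannot be reduced to one unambiguous form."""


def canonical_path(url: str) -> str:
    """Decode the URL path exactly once and return its canonical form."""
    raw = urlsplit(url).path  # urlsplit leaves percent-escapes untouched
    try:
        # errors="strict" refuses byte sequences that are not valid UTF-8
        decoded = unquote(raw, errors="strict")
    except UnicodeDecodeError as exc:
        raise RejectedRequest("path is not valid UTF-8 after decoding") from exc
    if _STILL_ENCODED.search(decoded):
        raise RejectedRequest("path is encoded more than once")
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in decoded):
        raise RejectedRequest("control character in path")
    return decoded


def validate(url: str) -> str:
    """Validate the canonical form, so every encoding gets the same answer."""
    path = canonical_path(url)
    if path not in ALLOWED_PATHS:
        raise RejectedRequest(f"path not allowed: {path!r}")
    return path


def naive_validate(url: str) -> bool:
    """Flawed check: compares the raw, still-encoded path to the allowlist."""
    return urlsplit(url).path in ALLOWED_PATHS
```

The raw-string check and the decoded view disagree on `/%69ndex.htm` (hexadecimal 69 is the letter i), which is the gap that validating the canonical form closes.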

Get CISSP All-in-One Exam Guide, 6th Edition now with O’Reilly online learning.
