Chapter 13. Web-Specific Input Issues
It’s now time to turn our attention to what is potentially the most hostile of all environments: the Web. In this chapter, I’ll focus on making sure that applications that use the Web as a transport mechanism are safe from attack. I’m assuming you’ve read Chapter 10 and Chapter 11, before reading this, and if you use a database as part of your Web-based application, you should also read Chapter 12.
Virtually all Web applications perform some action based on user requests. Let’s be honest: a Web-based service that doesn’t take user input is probably worthless! Remember that you should determine what data is valid and reject all other input. I know I sound like a broken record, but data verification is probably ...
Get Writing Secure Code now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.