Chapter 13. Web-Specific Input Issues

It’s now time to turn our attention to what is potentially the most hostile of all environments: the Web. In this chapter, I’ll focus on making sure that applications that use the Web as a transport mechanism are safe from attack. I’m assuming you’ve read Chapter 10 and Chapter 11 before reading this, and if you use a database as part of your Web-based application, you should also read Chapter 12.

Virtually all Web applications perform some action based on user requests. Let’s be honest: a Web-based service that doesn’t take user input is probably worthless! Remember that you should determine what data is valid and reject all other input. I know I sound like a broken record, but data verification is probably ...
