10 February 2013
1) Reliance on JavaScript for data validation. JavaScript is a cool tool for checking user input to make sure it is valid. But people can disable or just plain bypass JavaScript. If the server assumes that the data is OK because it was validated by JavaScript, then the server is making a false assumption.
2) SQL injection. If you take user input and splice it together with other strings to form a SQL query, then your SQL query is vulnerable. There are ways to inject valid SQL into an input field that makes the SQL query do things the programmer didn't intend.
3) Cross Site Scripting (XSS). Your site allows people to input data that is displayed to other users. If the user can enter HTML code, and you pass it along to other users unmodified, their browsers will treat it as HTML code. If that HTML code happens to include some JavaScript, then you are essentially running code inside someone else's browser. Bad stuff can happen from there.
There are other vulnerabilities but those are probably the top 3.
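To make the three points concrete, here is an added example (not from the original post) that puts the vulnerable form of each next to its fix: a server-side validator that does not trust the browser, a string-spliced SQL query beside a parameterized one, and an HTML-escaping render step. The user table, the usernames and the test inputs are constructed for the example.

```python
import html
import re
import sqlite3


def make_db():
    """Constructed in-memory table standing in for a real users table (example data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return conn


# Point 1: the server re-checks input itself; JavaScript checks can be bypassed.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def validate_username_server_side(name):
    """Return True only for input the server itself has confirmed is well-formed."""
    return USERNAME_RE.fullmatch(name) is not None


def lookup_unsafe(conn, name):
    """Point 2, vulnerable form: splicing input into the query lets quotes change its structure."""
    query = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn, name):
    """Point 2, fixed form: a bound parameter is always data, never SQL."""
    rows = conn.execute("SELECT email FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def render_comment(text):
    """Point 3: escape before embedding user text in HTML so it cannot become markup or script."""
    return "<p>" + html.escape(text, quote=True) + "</p>"


if __name__ == "__main__":
    conn = make_db()
    crafted = "' OR name != '"  # constructed input that closes the quote in the spliced query
    print("server-side validation accepts it:", validate_username_server_side(crafted))
    print("spliced query returns:", lookup_unsafe(conn, crafted))   # every row, not just one
    print("parameterized query returns:", lookup_safe(conn, crafted))  # no row has that name
    print(render_comment("<script>alert(1)</script>"))  # shown as text, not executed
```

The spliced query returns every user's email for the crafted input, while the parameterized query treats the same string as a literal name and returns nothing; the escaped comment reaches the browser as visible text rather than a script tag.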
Labels: Education, ICT, Pendidikan, Web Page Apps