Software Security

Archive for August 2007

 

Mitigate XSS: Why input validation is bogus

Ask any security guy/gal about how to best mitigate cross-site scripting (XSS) and what is the answer? It’s some variation on validating input. Look at my own writings about this topic and what will you find? Variations on the input validation theme. Input validation is a great solution for new applications, but it’s a horrible […]


Posted in Application Security, Vulnerability Assessment