
As a web dev: what should I watch out for

01-21-2013, 10:41 PM   #1
UltraLisk

Wow, hasn't been a thread in here since 2009....

As exploiters, what would you say are some common entry points into websites?

Here are things I tend to try to do:
- check length of the string on my POST/GET vars
- often try to run regex on GET/POST vars so only expected chars are accepted.
- authenticate each and every page (including php pages called with ajax only)
- add slashes for chars like single quotes before sql insert
- website frontend clients have php connection with sql user with only read to db (so if sql injection was found, no update/insert/etc could be run from that login)
- hidden admin login page will often connect to its own DB with a user with only read access to hashed passwords (so even if sql injection was possible on login page, only read of user name list would effectively be available).
- will soon stop using md5
- try to keep software up to date.

Anything else I'm missing that you exploiters like to use? Other than the obvious (getting in using weak user passwords) and 0 day attacks?
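The length check, character allowlist and SQL handling from the list in post #1, as an added PHP example that is not part of the original post. It swaps the slash-escaping step for a PDO bound parameter; the `users` table, the `name` parameter, the limits and the in-memory SQLite database are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);

// Added example (not from the thread). The "users" table, the "name"
// parameter and the length/character limits are assumptions.

/** Return the value if it passes the length and allowlist checks, else null. */
function validated_param(array $source, string $key, int $maxLen, string $pattern): ?string
{
    $value = $source[$key] ?? null;
    // A client can send name[]=x, which arrives as an array; accept strings only.
    if (!is_string($value) || $value === '' || strlen($value) > $maxLen) {
        return null;
    }
    // \A...\z anchors the whole string; "$" alone would allow a trailing newline.
    return preg_match($pattern, $value) === 1 ? $value : null;
}

/** Look up a user with a bound parameter, so the value never becomes SQL text. */
function find_user(PDO $db, string $name): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo database (in-memory SQLite stands in for the real server).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Constructed requests standing in for $_GET.
$requests = [
    ['name' => 'alice'],            // passes both checks
    ['name' => "x' OR '1'='1"],     // rejected by the allowlist
    ['name' => ['alice']],          // array instead of string
    ['name' => "alice\n"],          // trailing newline
];

foreach ($requests as $get) {
    $name = validated_param($get, 'name', 32, '/\A[A-Za-z0-9_]+\z/');
    $result = $name === null ? 'rejected' : json_encode(find_user($db, $name));
    echo json_encode($get['name']), ' => ', $result, PHP_EOL;
}
```

Only the first request reaches the database; the other three are rejected before any query is built.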

05-01-2013, 09:24 PM   #2
UltraLisk

Bump?

Nobody has anything to say? Maybe I should stress that I do not design porn sites.