This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Incomplete Blacklist"
From OWASP
| (3 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | {{ | + | {{template:CandidateForDeletion}} |
| + | #REDIRECT [[Positive_security_model]] | ||
| − | |||
==Description== | ==Description== | ||
| Line 13: | Line 13: | ||
==Related Vulnerabilities== | ==Related Vulnerabilities== | ||
| − | |||
==Related Countermeasures== | ==Related Countermeasures== | ||
==Categories== | ==Categories== | ||
| − | |||
| − | |||
Latest revision as of 18:18, 11 April 2009
#REDIRECT Positive_security_model
Description
NOTE: This probably should be made into a principle - Don't use blacklist. New attacks are being developed everyday, which makes it difficult or nearly impossible in some cases to make a complete blacklist. Instead positive whitelist, which specifies what is allowed, should be used.
