Difference between revisions of "Talk:Injection Prevention Cheat Sheet"
(question about A2) |
(Query language) |
||
| Line 1: | Line 1: | ||
| − | |||
====Following questions to the wiki as from 6-apr-10==== | ====Following questions to the wiki as from 6-apr-10==== | ||
(items are the headlines in the wiki page): | (items are the headlines in the wiki page): | ||
| Line 6: | Line 5: | ||
:we read: "An already productive application (with MVC architecture) ..." | :we read: "An already productive application (with MVC architecture) ..." | ||
:'''Q:''' why is this restricted to MVC? I don't see any reason for that as OpenSource applications must not be MVC. | :'''Q:''' why is this restricted to MVC? I don't see any reason for that as OpenSource applications must not be MVC. | ||
| + | |||
| + | * Query languages | ||
| + | :we read: "The most famous form of injection is SQL Injection ..." | ||
| + | :Hmm, SQL Injection is #1 in OWASP top 10 2010 now, but XSS is famous and popular as SQL Injection. | ||
| + | :'''Q:''' why is XSS missing? | ||
Revision as of 17:46, 6 April 2010
Following questions to the wiki as from 6-apr-10
(items are the headlines in the wiki page):
- A2:
- we read: "An already productive application (with MVC architecture) ..."
- Q: why is this restricted to MVC? I don't see any reason for that as OpenSource applications must not be MVC.
- Query languages
- we read: "The most famous form of injection is SQL Injection ..."
- Hmm, SQL Injection is #1 in the OWASP Top 10 2010 now, but XSS is as famous and popular as SQL Injection.
- Q: why is XSS missing?