This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Talk:Injection Prevention Cheat Sheet"
From OWASP
(Query language) |
m (Application Protocol) |
||
| Line 10: | Line 10: | ||
:Hmm, SQL Injection is #1 in OWASP top 10 2010 now, but XSS is famous and popular as SQL Injection. | :Hmm, SQL Injection is #1 in OWASP top 10 2010 now, but XSS is famous and popular as SQL Injection. | ||
:'''Q:''' why is XSS missing? | :'''Q:''' why is XSS missing? | ||
| + | |||
| + | ====Missing, somehow in wiki as from 6-apr-10==== | ||
| + | |||
| + | * Application Protocol | ||
| + | :The application protocol, HTTP here, can also be injected. Think of %0d%0a injections in the URL. This may lead to all sorts of HRS (HTTP Response Splitting/Smuggling, HTTP Request Smuggling/Splitting). It may also lead to HTTP header injections for example setting cookies. | ||
Revision as of 17:53, 6 April 2010
Following questions to the wiki as from 6-apr-10
(items are the headlines in the wiki page):
- A2:
- we read: "An already productive application (with MVC architecture) ..."
- Q: why is this restricted to MVC? I don't see any reason for that as OpenSource applications must not be MVC.
- Query languages
- we read: "The most famous form of injection is SQL Injection ..."
- Hmm, SQL Injection is #1 in OWASP top 10 2010 now, but XSS is famous and popular as SQL Injection.
- Q: why is XSS missing?
Missing, somehow in wiki as from 6-apr-10
- Application Protocol
- The application protocol, HTTP here, can also be injected. Think of %0d%0a injections in the URL. This may lead to all sorts of HRS (HTTP Response Splitting/Smuggling, HTTP Request Smuggling/Splitting). It may also lead to HTTP header injections for example setting cookies.
