User contributions

(newest | oldest) View (newer 50 | older 50) (20 | 50 | 100 | 250 | 500)

13:41, 21 October 2013 (diff | hist) . . (+932)‎ . . CRV2 ContextEncJscriptParams ‎
13:26, 21 October 2013 (diff | hist) . . (+340)‎ . . CRV2 ContextEncJscriptParams ‎
13:21, 21 October 2013 (diff | hist) . . (+157)‎ . . CRV2 ContextEncJscriptParams ‎
13:16, 21 October 2013 (diff | hist) . . (+273)‎ . . CRV2 ContextEncJscriptParams ‎
13:14, 21 October 2013 (diff | hist) . . (+147)‎ . . CRV2 ContextEncJscriptParams ‎
13:11, 21 October 2013 (diff | hist) . . (+18)‎ . . CRV2 ContextEncJscriptParams ‎
13:10, 21 October 2013 (diff | hist) . . (+649)‎ . . N CRV2 ContextEncJscriptParams ‎ (Created page with "Untrusted data, if being placed inside a Javascript function/code requires validation. Unvalidated data may break out of the data context and wind up being executed in the cod...")
15:59, 3 October 2013 (diff | hist) . . (+640)‎ . . CRV2 ManualReviewProsCons ‎ (→‎Manual Review - Pros and Cons)
15:48, 3 October 2013 (diff | hist) . . (-2)‎ . . OWASP Code Review V2 Table of Contents ‎ (→‎HTML Entity)
15:47, 3 October 2013 (diff | hist) . . (+126)‎ . . CRV2 ContextEncHTMLEntity ‎ (current)
15:46, 3 October 2013 (diff | hist) . . (+118)‎ . . CRV2 ContextEncHTMLEntity ‎
15:43, 3 October 2013 (diff | hist) . . (0)‎ . . CRV2 ContextEncHTMLEntity ‎
15:43, 3 October 2013 (diff | hist) . . (+517)‎ . . CRV2 ContextEncHTMLEntity ‎
15:40, 3 October 2013 (diff | hist) . . (+333)‎ . . CRV2 ContextEncHTMLEntity ‎
15:37, 3 October 2013 (diff | hist) . . (+17)‎ . . CRV2 ContextEncHTMLEntity ‎
15:37, 3 October 2013 (diff | hist) . . (+242)‎ . . CRV2 ContextEncHTMLEntity ‎
15:29, 3 October 2013 (diff | hist) . . (+668)‎ . . CRV2 ContextEncHTMLAttribute ‎ (current)
15:27, 3 October 2013 (diff | hist) . . (+325)‎ . . N CRV2 ContextEncHTMLEntity ‎ (Created page with "HTML elements which contain user controlled data or data from untrusted sourced should be reviewed for contextual output encoding. In the case of HTML entities we need to help...")
15:12, 3 October 2013 (diff | hist) . . (-2)‎ . . OWASP Code Review V2 Table of Contents ‎ (→‎HTML Attribute)
15:10, 3 October 2013 (diff | hist) . . (+190)‎ . . CRV2 ContextEncHTMLAttribute ‎
15:07, 3 October 2013 (diff | hist) . . (+1,526)‎ . . N CRV2 ContextEncHTMLAttribute ‎ (Created page with "'''HTML Attribute Encoding:''' HTML attributes may contain untrusted data. It is important to determine if any ot the HTML attribites on a given page contains data from outsid...")
14:54, 3 October 2013 (diff | hist) . . (+758)‎ . . N Overall approach to content encoding and anti XSS ‎ (Created page with "When untrusted data is to be rendered to the UI it MUST under both input validation and encoding. Encoding is of significant importance given it can protect the user from clie...") (current)
14:53, 3 October 2013 (diff | hist) . . (0)‎ . . N File:Xss-encoding-table.png ‎ (current)
14:42, 3 October 2013 (diff | hist) . . (+14)‎ . . OWASP Code Review V2 Table of Contents ‎ (→‎Reviewing code for contextual encoding)
14:42, 3 October 2013 (diff | hist) . . (+40)‎ . . OWASP Code Review V2 Table of Contents ‎ (→‎Reviewing code for contextual encoding)
14:40, 3 October 2013 (diff | hist) . . (-1)‎ . . OWASP Code Review V2 Table of Contents ‎ (→‎"Jacking"/Framing)
14:39, 3 October 2013 (diff | hist) . . (+1,000)‎ . . N CRV2 ClientSideCodeJackingFraming ‎ (Created page with "In order to help prevent clickjacking or UI redress attacks one of the following headers should be in all HTTP response headers. '''X-Frame-Options HTTP Response Header''' /...")
09:53, 8 August 2013 (diff | hist) . . (+457)‎ . . CRV2 FrameworkSpecIssuesSpring ‎ (current)
09:42, 8 August 2013 (diff | hist) . . (+267)‎ . . CRV2 FrameworkSpecIssuesSpring ‎
09:34, 8 August 2013 (diff | hist) . . (+1,692)‎ . . CRV2 FrameworkSpecIssuesSpring ‎
09:02, 8 August 2013 (diff | hist) . . (+582)‎ . . N CRV2 FrameworkSpecIssuesSpring ‎ (Created page with "==Spring Mass assignment== The mass assignment problem relates to the universal web framework pattern of automatic binding request parameters into model objects. See also MVC...")
13:12, 1 August 2013 (diff | hist) . . (-1,621)‎ . . CRV2 RevCodePersistentAntiPatterndotNet ‎ (current)
13:12, 1 August 2013 (diff | hist) . . (+1,638)‎ . . CRV2 FrameworkSpecIssuesdotNetMVC ‎
12:58, 1 August 2013 (diff | hist) . . (+154)‎ . . CRV2 RevCodePersistentAntiPatterndotNet ‎ (→‎Binding issues in MVC .NET)
12:44, 1 August 2013 (diff | hist) . . (+1,468)‎ . . CRV2 RevCodePersistentAntiPatterndotNet ‎
11:07, 1 August 2013 (diff | hist) . . (+738)‎ . . N CRV2 SSL-TLS ‎ (Created page with "'''Ensuring SSL with MVC.NET''' When reviewing MVC .NET is is important to make suer the application transmitts and recieved over a secure link. It is not recommended to only ...")
11:00, 1 August 2013 (diff | hist) . . (+90)‎ . . OWASP Code Review V2 Table of Contents ‎ (→‎Reviewing by Techincal Control)
10:58, 1 August 2013 (diff | hist) . . (+31)‎ . . OWASP Code Review V2 Table of Contents ‎ (→‎Review Code for XSS)
10:55, 1 August 2013 (diff | hist) . . (+28)‎ . . OWASP Code Review V2 Table of Contents ‎ (→‎Reviewing code Authorization weakness)
10:54, 1 August 2013 (diff | hist) . . (+1,211)‎ . . N CRV2 AuthorizationWeaknesses ‎ (Created page with "'''Authorisation in .NET MVC 4''' The usage of filters is recommended when authorisation is being implemented in MVC 4 .NET MVC 3 introduced a method in global.asax called Re...")
11:39, 14 June 2013 (diff | hist) . . (+419)‎ . . N CRV2 CantHackSecure ‎ (Created page with " '''We cant hack ourselves secure.''' Penetration testing is generally a point in time test. As source code changes the value of the findings of a penetration test degrade wit...") (current)
10:12, 17 May 2013 (diff | hist) . . (+798)‎ . . N CRV2 WhatIsCodeReview ‎ (Created page with "What is Security Source Code Review? Source code review is the practie of reviewing developed code for vulnerabilities. There are many ways to review the security of an appli...")
13:51, 2 May 2013 (diff | hist) . . (+42)‎ . . CRV2 RevCodeXSS ‎ (current)
13:47, 2 May 2013 (diff | hist) . . (+388)‎ . . CRV2 RevCodeXSS ‎
13:44, 2 May 2013 (diff | hist) . . (+551)‎ . . N CRV2 RevCodeXSS ‎ (Created page with "Where can XSS occur?? '''HTML Body Context''' <nowiki>UNTRUSTED DATA</nowiki> ''' HTML Attribute Context''' <nowiki><input type="text" name="fname" v...")
15:08, 26 April 2013 (diff | hist) . . (0)‎ . . Category:OWASP Code Review Project ‎ (→‎OWASP Code Review Guide V2.0)
12:40, 23 April 2013 (diff | hist) . . (-29)‎ . . CRV2 Introduction ‎ (current)
12:38, 23 April 2013 (diff | hist) . . (+444)‎ . . CRV2 Introduction ‎
12:27, 23 April 2013 (diff | hist) . . (+5,384)‎ . . N CRV2 Introduction ‎ (Created page with "== Introduction == Code review is probably the single-most effective technique for identifying security flaws. When used together with automated tools and manual penetration ...")
12:26, 23 April 2013 (diff | hist) . . (-72)‎ . . OWASP Code Review V2 Table of Contents ‎

(newest | oldest) View (newer 50 | older 50) (20 | 50 | 100 | 250 | 500)

Show contributions of new accounts only IP address or username:
Namespace: Invert selection Associated namespace
Tag filter:
Only show edits that are latest revisions Only show edits that are page creations
From year (and earlier): From month (and earlier):

User contributions

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools