Talk:Injection Prevention Cheat Sheet
The following questions refer to the wiki as of 6-apr-10
(items are the headlines in the wiki page):
- A2:
  - we read: "An already productive application (with MVC architecture) ..."
  - Q: why is this restricted to MVC? I don't see any reason for that as OpenSource applications must not be MVC.
- Query languages
  - we read: "The most famous form of injection is SQL Injection ..."
  - Hmm, SQL Injection is #1 in OWASP top 10 2010 now, but XSS is as famous and popular as SQL Injection.
  - Q: why is XSS missing?
Missing, somehow, in the wiki as of 6-apr-10:
- Application Protocol
  - The application protocol, HTTP here, can also be injected. Think of %0d%0a injections in the URL. This may lead to all sorts of HRS (HTTP Response Splitting/Smuggling, HTTP Request Smuggling/Splitting). It may also lead to HTTP header injections, for example setting cookies.
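
The header-injection case raised in the last item, as an added example that is not part of the original comment or of the cheat sheet: a URL parameter is percent-decoded and written into a `Location` header, first without and then with a control-character check. The function names, the `/home?lang=` route and the sample parameter are constructed for illustration.

```python
from urllib.parse import unquote

# Constructed sample: a query-string value carrying %0d%0a and a header line.
SAMPLE_PARAM = "en%0d%0aSet-Cookie:%20session=attacker"


def build_redirect(value: str) -> bytes:
    """Serialise a minimal redirect response with `value` in the Location header."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: /home?lang={value}\r\n"
        "Content-Length: 0\r\n\r\n"
    ).encode("latin-1")


def naive_response(lang_param: str) -> bytes:
    """Vulnerable pattern: decoded input is concatenated into the header as-is."""
    return build_redirect(unquote(lang_param))


def safe_header_value(value: str) -> str:
    """Reject CR, LF and other control characters before the value reaches a header."""
    for ch in value:
        if (ord(ch) < 0x20 and ch != "\t") or ord(ch) == 0x7F:
            raise ValueError(f"control character {ord(ch):#04x} in header value")
    return value


def hardened_response(lang_param: str) -> bytes:
    """Same redirect, but the check runs on the decoded value, not the raw one."""
    return build_redirect(safe_header_value(unquote(lang_param)))


def header_names(raw: bytes) -> list[str]:
    """Header names as a downstream HTTP parser would see them."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


if __name__ == "__main__":
    print(header_names(naive_response(SAMPLE_PARAM)))
    try:
        hardened_response(SAMPLE_PARAM)
    except ValueError as exc:
        print("rejected:", exc)
```

The check has to run after percent-decoding; a filter applied to the raw parameter sees only `%0d%0a` and passes it through.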