This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Incomplete Blacklist"

From OWASP
Jump to: navigation, search
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{Template:Stub}}
+
{{template:CandidateForDeletion}}
{{Template:Vulnerability}}
+
#REDIRECT [[Positive_security_model]]
  
[[Category:FIXME|Stub article, needs review]]
 
 
==Description==
 
==Description==
  
Line 14: Line 13:
  
 
==Related Vulnerabilities==
 
==Related Vulnerabilities==
[[Permissive Whitelist]]
 
  
 
==Related Countermeasures==
 
==Related Countermeasures==
  
 
==Categories==
 
==Categories==
[[Category:OWASP ASDR Project]]
 
[[Category:Vulnerability]]
 

Latest revision as of 18:18, 11 April 2009

Template:CandidateForDeletion 

#REDIRECT Positive_security_model

Description

NOTE: This probably should be made into a principle - Don't use blacklist. New attacks are being developed everyday, which makes it difficult or nearly impossible in some cases to make a complete blacklist. Instead positive whitelist, which specifies what is allowed, should be used.

Examples

Related Threats

Related Attacks

Related Vulnerabilities

Related Countermeasures

Categories

Retrieved from "https://wiki.owasp.org/index.php?title=Incomplete_Blacklist&oldid=58704"