This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Template:Application Security News"
From OWASP
Line 1: | Line 1: | ||
+ | Post news stories to [[Application Security News]] | ||
+ | |||
; '''[http://www.newsforge.com/article.pl?sid=06/05/23/2141246 Custom escaping considered harmful]''' | ; '''[http://www.newsforge.com/article.pl?sid=06/05/23/2141246 Custom escaping considered harmful]''' | ||
: "Applications using 'ad-hoc methods to "escape" strings going into the database, such as regexes, or PHP3's addslashes() and magic_quotes' are particularly unsafe. Since these bypass database-specific code for safe handling of strings, many such applications will need to be re-written to become secure." | : "Applications using 'ad-hoc methods to "escape" strings going into the database, such as regexes, or PHP3's addslashes() and magic_quotes' are particularly unsafe. Since these bypass database-specific code for safe handling of strings, many such applications will need to be re-written to become secure." |
Revision as of 19:20, 26 May 2006
Post news stories to Application Security News
- Custom escaping considered harmful
- "Applications using 'ad-hoc methods to "escape" strings going into the database, such as regexes, or PHP3's addslashes() and magic_quotes' are particularly unsafe. Since these bypass database-specific code for safe handling of strings, many such applications will need to be re-written to become secure."
- Oracle teaches developers security
- "We track the security training completion status of each developer and provide regular reports on training compliance to development management and to senior corporate management to ensure a level of security training is maintained in each organization."