Template:Application Security News

From OWASP
Revision as of 21:43, 24 May 2006 by Jeff Williams

  • Custom escaping considered harmful - "Applications using 'ad-hoc methods to "escape" strings going into the database, such as regexes, or PHP3's addslashes() and magic_quotes' are particularly unsafe. Since these bypass database-specific code for safe handling of strings, many such applications will need to be re-written to become secure."
  • Oracle teaches developers security - "These classes generate results: There are many examples of developers who identified and fixed security bugs in their own code after taking the security training class."