[Hone Your Ninja Skill] Whitelist filter bypass ("URL")


In input validation, the whitelisting approach is said to be better than the blacklisting one. Yet a non-robust whitelist implementation could still allow an attacker to bypass your defense.

