
RaGe10940

Gotta Love Hiawatha
23 February 2013, 06:00
Hiawatha version: 8.7
Operating System: 12.04 Desktop

External image via http://www.freeimagehosting.net/newuploads/21w5d.png


Notice all the warning signs in the tabs.

Banned for 10 hours. 46 got through, but at that point you should also be properly filtering input and escaping output. Not bad, Hugo. I turned off the denied body for Hiawatha (all the attacks got through) and even then I passed all 616 tests.

https://addons.mozilla.org/en-us/firefox/addon/xss-me/

Take a look at this tool. Pretty cool in my opinion.
Hugo Leisink
23 February 2013, 07:58
Nice! Please note that using DenyBody comes with a performance price. Only use it when there is no other option left. Secure website code is of course the best way to go.
RaGe10940
23 February 2013, 14:26
Yes, of course, and yes, secure code is by far the best workaround in an attempt on your site. Two phrases are "Sanitize/Validate Input" and "Escape Output". Still, though, the Denied Bodies is pretty damn cool.
This topic has been closed.
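
An added example, not code from the thread or from Hiawatha: it contrasts a body denylist in the spirit of DenyBody with the "validate input, escape output" approach both posters recommend. The deny pattern, the username rule, the function names and the sample bodies are all constructed for illustration.

```python
import html
import re

# Hypothetical deny pattern in the spirit of a DenyBody rule (not from the thread).
DENY_BODY = re.compile(r"<\s*script", re.IGNORECASE)
# Assumed application rule: usernames are 3-20 letters, digits or underscores.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")


def server_filter_blocks(body: str) -> bool:
    """Denylist check on the raw request body, as a server-side filter would do."""
    return DENY_BODY.search(body) is not None


def validate_username(value: str) -> str:
    """Allowlist validation: accept only the expected shape, reject the rest."""
    if not USERNAME_RE.fullmatch(value):
        raise ValueError("invalid username")
    return value


def render_comment(author: str, text: str) -> str:
    """Escape at output time for the HTML context the values land in."""
    return "<p><b>{}</b>: {}</p>".format(
        html.escape(validate_username(author), quote=True),
        html.escape(text, quote=True),
    )


# Constructed sample request bodies.
SAMPLES = {
    "benign_question": "How do I load jQuery with a <script> tag?",
    "markup_other_tag": '<img src="x" onerror="alert(1)">',
    "plain": "Hiawatha 8.7 works great",
}


def report() -> dict:
    """For each sample: did the denylist block it, and how does the app render it?"""
    return {
        name: (server_filter_blocks(body), render_comment("RaGe10940", body))
        for name, body in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, (blocked, rendered) in report().items():
        print(f"{name:18} blocked={blocked!s:5} {rendered}")
```

The denylist rejects the harmless question and passes the markup it has no pattern for, while the escaped output is inert in both cases, which is why the filter is a backstop and not the fix.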