Server Help

Quan Chi2

I know that one of the best ways to prevent XSS attacks is to limit user input, but its I really want to know some other ways if there are any. I'm used to remote file inclusion vulnerabilities, and I know how they work for the most part, but are there techniques for looking through my files to make sure they aren't vulnerable without missing anything? What techniques do you use?

Solo Ace · Posted: Sat Oct 14, 2006 5:24 pm *Post maybe stupid* Post subject:

'We' don't use a technique, 'we' just know the language 'we' write.

Quan Chi2 · Posted: Sat Oct 14, 2006 7:22 pm *Post maybe stupid* Post subject:

Well you must have some system you use to go through the files to check for vulnerabilities. :S

Cerium · Posted: Sun Oct 15, 2006 5:56 am *Post maybe stupid* Post subject:

In your case: Let someone else code it.

Seriously though, it's just making sure the user has little to no control over the values of important variables (IE: those used in queries or to specify files).

Also, MGB:
When I try to post using the quick reply option, I get a "You must enter a message when posting" error.
Did you take away my ability to use the quick reply?
_________________
There are 7 user(s) ignoring me right now.

Doc Flabby · Posted: Sun Oct 15, 2006 7:02 am *Post maybe stupid* Post subject:

or do what i do wait untill someone breaks it

_________________
Rediscover online gaming. Get Subspace | STF The future...prehaps

The Apache · Posted: Sun Oct 15, 2006 9:35 am *Post maybe stupid* Post subject:

Solo Ace · Posted: Sun Oct 15, 2006 2:48 pm *Post maybe stupid* Post subject:

Cerium, uhm, maybe your javascript's disabled or messed up/'secured'?

Cerium · Posted: Sun Oct 15, 2006 4:03 pm *Post maybe stupid* Post subject:

Yup... I installed NoScript recently and I keep forgetting to allow sites I visit.

Didn't even think about it until you guys mentioned it.