|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Canonicalization
From: Jason (security
brvenik.com)
Date: Thu Apr 13 2006 - 09:33:58 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Check out the research done by Sourcefire for the Snort project for some
tools and discussion that I think you will find helpful.
http://www.sourcefire.com/products/library.html#wp
- No registration required:
http://docs.idsresearch.org/http_ids_evasions.pdf
and HTTP Chameleon
http://code.idsresearch.org/SetupHttpChameleon.zip
or for *nix systems
http://code.idsresearch.org/encoder.c
susam_palyahoo.co.in wrote:
> I am writing some examples. Please tell me if these are the examples of Canonicalization.
>
> 1. When an web application gets parameters from a GET request or POST request, and if that parameter is going to be used as a part of an SQL query, then the programmer must take care to convert the single-quote (') to two single-quotes('') for Oracle Database in order to prevent SQL injection. Is this canonicalization?
>
> 2. Take a guestbook of a site. The feedback given is going to appear back in the web-page. Here we need to take care that things like "<font>" should be converted to ">font<" before it appears on the page. Is this a case of canonicalization?
>
> -------------------------------------------------------------------------
> This List Sponsored by: SPI Dynamics
>
> ALERT: "How A Hacker Launches A Web Application Attack!"
> Step-by-Step - SPI Dynamics White Paper
> Learn how to defend against Web Application Attacks with real-world
> examples of recent hacking methods such as: SQL Injection, Cross Site
> Scripting and Parameter Manipulation
>
> https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
> --------------------------------------------------------------------------
>
>
-------------------------------------------------------------------------
This List Sponsored by: SPI Dynamics
ALERT: "How A Hacker Launches A Web Application Attack!"
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world
examples of recent hacking methods such as: SQL Injection, Cross Site
Scripting and Parameter Manipulation
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]