Articles

Filtering plays a very important role when you are thinking about securing your application against malicious attacks. Security is a very important aspect of developing a web application. There are several kinds of attacks that could be used to break into your web application, and what the attacker gains varies with the kind of attack. Suppose you have a SQL injection vulnerability in your application: using it, an attacker can do many things, the simplest being to retrieve information about the users registered in your web application. And once an attacker has information about your users, he can do a lot more with it. However, we are not going to discuss that in detail here.

This is my first article in ClubHack and I wish to be here with some more nice articles!! This article is about developing a secure file upload form. Web pages with file upload forms are very commonly seen. These forms are intended for users who want to upload a photograph, resume, application, video file or any other kind of file as per their needs and requirements. If your website or web application has such a form, or if you are planning to enable file uploads, then this article is for you.

Android is an OS designed for smartphones. The phones are meant for office productivity apps, games, social networks, etc. The phone comes pre-installed with a selection of system applications, e.g. phone dialer and address book, but the platform gives developers ample opportunity to create their own applications and publish them to the huge Android market, the so-called "Play Store".

I have been associated with the understanding of cross-site scripting for quite some time now. I have given quite a few talks and presentations on this subject. Being a secure code reviewer, I have found a number of XSS issues in code. I have witnessed a number of mistakes developers make. I would be interested in sharing some of my perspective on this attack. Since this is quite an old attack, I will not be touching on its existence or trying to explain what XSS is, as there are quite a few blogs and sites available for that.



Introduction

When I began doing security reviews for web applications, one common issue that I encountered was 'SQL Injection'. Developers used to pose several questions to me, saying that their software was secure as they had followed several measures to mitigate this insidious issue. The main mitigation adopted was to use stored procedures or input validation. While this does reduce certain types of injection, it doesn't prevent all of them. In this article, I will explain what SQL Injection is and what one can do to prevent it.

What is Local File Inclusion? Local File Inclusion is a method in PHP for including local files from the local web server itself. This becomes a vulnerability when the page names to be included are not sanitized properly; to exploit it, an attacker can send a modified HTTP request to the server using a web browser.
