Defense in Depth
Never rely on a single point of defense. Your application is often the last layer between an attacker
and back -end systems such as a database or a fi le server, which, in turn, may be connected to a
corporate network. If your application is hacked, then these systems may be exposed to the attacker.
By using several layers of defensive techniques in your application such as input validation, secure
SQL construction, and proper authentication and authorization, your application will be more
resilient against attack.
Never Trust Input
As you discovered in the example attack earlier in this chapter, a simple change to an input into the
application may result in a security breach. Input is everything that comes into your application
during run -time — user data entry, the click of a button, data loaded from a database or remote
system, XML fi les, anything you cannot know about at the time your application is compiled.
Every single piece of input should be validated and proved correct before you process it. If invalid
input is sent to your application, then your application must cope with it correctly, and not crash or
otherwise act upon it.
Таалагдаж Магад
-
Зургаахан жилийн өмнө News Corp 580 сая ам.доллараар үнэ цохиж худалдаж авч байсан MySpace сайт шалдаа бууж 35 саяар зарагдлаа. Уг сайты...
-
Шинэлэг содон бүхнийг санаачлагч Apple компани өчигдөр App Store сайтаас 200 сая гаруй iPhone, iPad болон iPod хэрэглэгчдийн татсан apps 15 ...
-
Like water filling an ice-cube tray, SEO can fill up all the hours in the day you are willing to give it. So let’s get this painful truth ou...
-
Google Chrome сүүлд гарч ирсэн ч хамгийн шилдэг хөтөчүүдийн тоонд зүй ёсоор орох билээ. Хэрэглэхэд хялбар цэвэрхэн энгийн ойлгоцтой хамгийн ...
-
Дэлхийн эрүүл мэндийн байгууллагаас гар утас тархины хорт хавдар үүсгэх аюул бий болгоно гэсэн дүгнэлт хийжээ. Үүний дараа "cnet" ...
0 comments:
Post a Comment