Getting Started
Nature and Scope of the Problem
Understanding Filtering, Validation, and Output Escaping
Preventing the Most Common Forms of Attack
Protecting Against Common Website Vulnerabilities
Protecting Against SQL Injection Attacks
About the Author
Protecting against insufficient authorization
Improper access to secure areas of the website
Need to carefully examine program logic
Consider establishing an Access Control List (ACL)
Careful planning needed
Customer requirements should be taken into account
Improper authority for low-level accounts
Need to apply the principle of least privilege
Especially true for database access
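The two points above (an ACL guarding secure areas, and least privilege as the default) as an added example that is not part of the original slides; the roles, resources and actions are constructed sample data, and the check is meant to run server-side on every request, not only when rendering menus:

```python
"""Deny-by-default ACL for the 'secure areas' of a website (added example)."""
from dataclasses import dataclass, field

# Constructed sample ACL: role -> {resource: set(actions)}.
# Only what is listed is granted; anything else is denied, which is the
# principle of least privilege applied to web access control.
ACL = {
    "anonymous": {"/": {"read"}, "/login": {"read", "post"}},
    "customer":  {"/": {"read"}, "/account": {"read", "update"},
                  "/orders": {"read", "create"}},
    "support":   {"/": {"read"}, "/orders": {"read", "update"}},
    "admin":     {"/": {"read"}, "/admin": {"read", "update", "delete"},
                  "/orders": {"read", "update", "delete"}},
}


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)   # empty set = no rights at all


def is_authorized(user, resource, action, acl=ACL):
    """True only if at least one of the user's roles explicitly grants
    `action` on `resource`.  Unknown roles, unknown resources and users
    with no roles all fall through to the default deny."""
    for role in user.roles:
        if action in acl.get(role, {}).get(resource, set()):
            return True
    return False


def require(user, resource, action, acl=ACL):
    """Guard to call in the request handler before serving a secure area.
    Raising (rather than returning False) makes it hard for program logic
    to forget to act on a denial."""
    if not is_authorized(user, resource, action, acl):
        raise PermissionError(f"{user.name} may not {action} {resource}")
    return True


if __name__ == "__main__":
    guest = User("guest", {"anonymous"})
    alice = User("alice", {"customer"})
    print(is_authorized(guest, "/admin", "read"))    # False
    print(is_authorized(alice, "/account", "read"))  # True
```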