ext_32648 (
goldsquare.livejournal.com
) wrote
in
jducoeur
2013-12-18 05:47 pm (UTC)
no subject
I'd certainly look for ANYTHING which contains a cross-script call of some kind: using colon, double slash (or backslash) and a standard IP, IPV6 or Domain Name. Do you want to take special care when referencing something that COULD be suspicious?
You may want to look at one of my favorite books on the topic - although it is somewhat aging now (perhaps there is a more-recent version):
How To Break Web Software
by Mike Andrews and James A. Whittaker. My copy is Copyright 2006.
http://books.google.com/books/about/How_to_Break_Web_Software.html?id=zEWvS-sTiNUC
http://www.qualitytesting.info/forum/topics/pdf-downloadhow-to-break-web
James A Whittaker has a much more recent book which I do not have, called "How Google Tests Software". That might have some interesting information.
And, for fun:
http://xkcd.com/327/
(
14 comments
)
Post a comment in response:
From:
Anonymous
(will be screened)
OpenID
(will be screened if not validated)
Identity URL:
Log in?
Dreamwidth account
Account name
Password
Log in?
If you don't have an account you can
create one now
.
Subject
HTML doesn't work in the subject.
Formatting type
Casual HTML
Markdown
Raw HTML
Rich Text Editor
Message
[
Home
|
Post Entry
|
Log in
|
Search
|
Browse Options
|
Site Map
]
no subject
You may want to look at one of my favorite books on the topic - although it is somewhat aging now (perhaps there is a more-recent version): How To Break Web Software by Mike Andrews and James A. Whittaker. My copy is Copyright 2006.
http://books.google.com/books/about/How_to_Break_Web_Software.html?id=zEWvS-sTiNUC
http://www.qualitytesting.info/forum/topics/pdf-downloadhow-to-break-web
James A Whittaker has a much more recent book which I do not have, called "How Google Tests Software". That might have some interesting information.
And, for fun: http://xkcd.com/327/