ext_288897 ([identity profile] ilaine-dcmrn.livejournal.com) wrote in [personal profile] jducoeur 2013-12-18 07:24 pm (UTC)

In general the reason whitelisting is preferred over blacklisting is that there are so many forms of encoding that it is very difficult to make the blacklist sufficiently comprehensive. For example, you need to know the various Unicode expressions of your blacklist entries as well as ASCII.

The OWASP ESAPI might be of use to you:
https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
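To illustrate the point made in the comment above, here is an added example (not part of the original comment or of OWASP ESAPI) that runs a simple blacklist, a blacklist with decoding bolted on, and a whitelist against the same inputs. It assumes a hypothetical username field that should only ever contain ASCII letters, digits, underscore, dot and hyphen; the sample inputs are constructed for the demonstration and use only the Python standard library.

```python
import html
import re
import unicodedata
from urllib.parse import unquote

# Tokens a naive blacklist might look for. Matching is done on the raw
# string as received, which is exactly what alternate encodings defeat.
BLACKLIST = ("<script", "javascript:", "onerror=")


def blacklist_filter(value: str) -> bool:
    """Return True (accept) unless a blacklisted token appears verbatim."""
    lowered = value.lower()
    return not any(bad in lowered for bad in BLACKLIST)


def blacklist_filter_normalized(value: str) -> bool:
    """Same blacklist, after one round of URL decoding, HTML entity
    decoding and Unicode NFKC normalisation (fullwidth -> ASCII).
    Still a blacklist: any encoding this chain does not undo slips through."""
    decoded = unquote(value)                       # %3C -> <
    decoded = html.unescape(decoded)               # &lt; -> <
    decoded = unicodedata.normalize("NFKC", decoded)  # U+FF1C -> <
    return blacklist_filter(decoded)


# Whitelist (allowlist): define what is acceptable and reject everything
# else. No decoding is needed because encoded forms are not in the set.
ALLOWED = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def whitelist_filter(value: str) -> bool:
    """Return True (accept) only if the whole value matches the allowed pattern."""
    return ALLOWED.fullmatch(value) is not None


# Constructed inputs: the same script tag in several encodings, plus one
# benign value. These are illustration data, not captured traffic.
SAMPLES = {
    "plain":       "<script>alert(1)</script>",
    "url_encoded": "%3Cscript%3Ealert(1)%3C/script%3E",
    "html_entity": "&lt;script&gt;alert(1)&lt;/script&gt;",
    "fullwidth":   "＜ｓｃｒｉｐｔ＞alert(1)＜/ｓｃｒｉｐｔ＞",
    "double_url":  "%253Cscript%253E",   # decodes to %3Cscript%3E, then to <script>
    "benign":      "alice_01",
}


def evaluate(samples=SAMPLES):
    """Map each sample name to (naive blacklist, decoding blacklist, whitelist)
    where True means the filter would have accepted the input."""
    return {
        name: (blacklist_filter(v), blacklist_filter_normalized(v), whitelist_filter(v))
        for name, v in samples.items()
    }


if __name__ == "__main__":
    print(f"{'sample':<12} {'blacklist':>9} {'bl+decode':>9} {'whitelist':>9}")
    for name, verdicts in evaluate().items():
        print(f"{name:<12} " + " ".join(f"{str(v):>9}" for v in verdicts))
```

Running it shows the naive blacklist accepting every encoded variant, the decoding blacklist still accepting the double-URL-encoded one (it only decodes once), and the whitelist rejecting all of them while accepting the benign name. Each encoding the attacker can think of is one more case the blacklist has to anticipate; the whitelist never has to.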

