Background Documentation: Secure User Interface

The challenge with Web applications is that you want users to come to your site and interact with the application. If a user makes unexpected entries (such as script commands) that the application does not handle correctly, an attacker can cause the server or the client browser to perform unintended actions.

Therefore, the first guideline for developing a secure Web application is: ‘Never trust any information coming from the outside, and never assume anything about it.’ All security decisions must rest on the assumption that anything that can theoretically be manipulated by someone or something will actually be manipulated. For example, if an attacker submits entries containing manipulated SQL statements and the application does not filter them, he or she can gain access to the internal database (SQL code injection).
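As an added illustration of the SQL injection case just described (example code, not part of the original documentation), the following Python script uses a constructed in-memory SQLite table to contrast a lookup that pastes untrusted input into the statement with one that binds it as a parameter:

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    # Constructed sample data for the demonstration (not from the documentation).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> list:
    # The outside value is concatenated into the statement, so the database
    # interprets whatever it contains as part of the SQL code.
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    # Parameter binding hands the value to the database as data only; it can
    # never alter the structure of the query, whatever characters it contains.
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


if __name__ == "__main__":
    conn = build_db()
    tainted = "x' OR '1'='1"  # an entry no legitimate user name would contain
    print(lookup_unsafe(conn, tainted))  # returns every row: the filter was bypassed
    print(lookup_safe(conn, tainted))    # returns []: no user has that literal name
```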

The following sections describe examples of different vulnerabilities in Web applications and explain how to prevent them with secure programming. See:

     Cross-Site Scripting (XSS)

     SQL Injection

     Input Validation

     Canonicalization

     Directory Traversal

     URL Encoding and Manipulation

     Cookie Manipulation
