McAfee XSS Vunerablity and PHP XSS Prevention Review
Posted by hawk under Security
Yes, it's disgusting that the people at McAfee have obvious XSS errors on their pages. Here is a bit from ReadWriteWeb:
"During tests this weekend, we discovered the company who claims to 'keep you safe from identity theft, credit card fraud …' has several cross-site scripting vulnerabilities and provides the bad guys with a brilliant — albeit ironic — launching pad from which to unleash their attacks."
McAfee XSS Full Article
As you know, we have shown other sites, along with WordPress themes, with obvious XSS problems. XSS shouldn't be a problem if you follow these rules:
Disallow/disable all character input to your database by default.
Open only the inputs that are needed, i.e. a "First name" field only needs alpha characters, uppercase and lowercase.
Verify that each validation/filter rule works by using proper test cases. Ha.ck.ers.org has a great list of tests to run, but the obvious idea is to try to break your own code.
What this does is ensure that characters such as >, < and other high-ASCII characters don't make it into the HTML output or, worse, get injected into the database. It's really as simple as that: prevent people from injecting <script> by only allowing alpha characters, so it becomes "script" without the tag and renders as characters rather than as an HTML tag.
If you must allow tags and dangerous characters, contain that data so it cannot get loose.
Don't just output unfiltered/unvalidated data into the HTML render, code, database, etc.
PHP provides a wealth of filters to help: go to php.net and look up the string functions or the filter extension, along with PEAR/PECL libraries, or even build modules. There are many options; just use one.
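The rules above, put into working PHP as an added example (not code from the original post): a default-deny field allowlist, a "try to break your own code" test loop, and escaping on output. The field names and regexes are constructed for the example, and the mail check uses PHP's built-in filter extension.

```php
<?php
// Added example, not from the original post. Demonstrates the post's rules:
// default-deny input, per-field allowlists, test your filters, escape on output.
declare(strict_types=1);

// Per-field allowlist rules (constructed for this example). Unknown fields are denied.
const FIELD_RULES = [
    'first_name' => '/^[A-Za-z]{1,40}$/',   // letters only, as the post suggests
    'age'        => '/^[0-9]{1,3}$/',
    'email'      => null,                   // handled by filter_var() below
];

/** Validate one field against its allowlist; returns the value, or null if rejected. */
function validate_field(string $field, string $value): ?string
{
    if (!array_key_exists($field, FIELD_RULES)) {
        return null; // field not in the allowlist: default deny
    }
    if ($field === 'email') {
        $ok = filter_var($value, FILTER_VALIDATE_EMAIL);
        return $ok === false ? null : $ok;
    }
    return preg_match(FIELD_RULES[$field], $value) === 1 ? $value : null;
}

/** Escape for an HTML text/attribute context; apply to every output, validated or not. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed test cases in the spirit of "try to break your own code":
// [field, input, expected to be accepted?]
$cases = [
    ['first_name', 'Alice',                      true],
    ['first_name', '<script>alert(1)</script>',  false], // the tag the post talks about
    ['first_name', 'Alice" onmouseover="x',      false], // attribute breakout attempt
    ['age',        '42',                         true],
    ['email',      'a@example.com',              true],
    ['email',      '"><img src=x>',              false],
    ['comment',    'anything',                   false], // field not in allowlist
];
foreach ($cases as [$field, $value, $expectAccept]) {
    $accepted = validate_field($field, $value) !== null;
    assert($accepted === $expectAccept, "unexpected result for $field=$value");
    printf("%-10s %-30s %s\n", $field, $value, $accepted ? 'accepted' : 'rejected');
}
// Even accepted data is escaped on the way out, so a raw "<" never reaches the browser.
echo h('<script>') . PHP_EOL;
```

Run it with `php -d zend.assertions=1 file.php` so the assertions are actually evaluated.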
hawk enterprises php development script download
Posted by hawk under Site News
Hawk Enterprises is one place where you can get information about programming, download PHP scripts, and read news from the development lab of Hawk Enterprises.
We will continue to do this in reduced amounts as the weeks roll on. PHP programming has to take priority in order for us to survive in this economy.
Looking to the future, we have a much more multi-faceted site coming.
Hindi via google translate
Posted by hawk under Site News
I was going over the site today on Alexa and I noticed that now 20.9% of my visitors come from India, which beats my 20.7% coming from the United States. Obviously my native language is English, however I can't be biased like that.
Hindi is translated via Google, so now all you have to do is click the link at the bottom, or this link right here, and you have your native language.
Translate hawkenterprises to Hindi
I also have the other two foreign languages spoken available as well: French and Portuguese.
All other languages are translated by using the flags at the bottom of this page and every page on Hawk Enterprises.
Hawk Enterprises 2009