The HDIV project recently released version 2.1.0.RC2 of its Java Web Application Security Framework. Among HDIV's features, it guarantees the integrity (no data modification) of non-editable page data when it is transmitted from the browser to the server, as well as confidentiality, and it provides generic validations for editable data.
Hi folks, this time I'm in some trouble. Please help me with this issue. My site will have forms with a number of text fields. I'll store the form data in a MySQL database, and later that data will be fetched and populated on web pages. Now, the forms are filled in by users, so I need to escape all unwanted characters while keeping the necessary ones intact. Suppose I get a field's data in the form of $_POST. So far I was using a combination of mysql_real_escape_string, htmlentities, striptags
Cross-site scripting (XSS) occurs when an attacker introduces malicious scripts to a dynamic form that allows the attacker to capture the private session information. In this article, Anand K. Sharma casts light on the areas vulnerable to XSS exploitation, explains how the user can protect himself, and details what the webmaster can do to secure a site from this type of malicious intrusion.
Shirsat. IJIRIS:: International Journal of Innovative Research in Information Security, Volume V (Issue IV):
21-24 (April 2018)