2. Not Allowing Special Characters :-
The sensitive parts of a website, such as the search box, are where an attacker most often submits special characters like the following to attack with SQL injection and XSS:
/
<
>
So if our code blocks these characters from being input, no one will be able to submit them, neither in that particular box nor through the URL. So how will the attacker check whether the site is vulnerable or not? This way we can be secured.
Another handy trick that we can do is this.
The server code should be written so that if an attacker submits these special characters, then rather than redirecting to 404.php (when no result is returned), it redirects to a page that displays a popup with the message that your original IP address and MAC address have been fetched. This is the trap. So even if an attacker finds the vulnerability, he won't even think of exploiting it again after seeing this message.
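The character check described above, applied the same way to form fields and URL parameters, as an added example that is not the author's code. The function names are hypothetical, and logging the client IP and answering with HTTP 400 is a response choice assumed here.

```php
<?php
// Added example, not the author's code. Names are hypothetical; the characters are those listed on the page.
const BLOCKED_CHARS = ['/', '<', '>'];

// Return the first blocked character found in $value, or null if it is clean.
function find_blocked_char(string $value): ?string
{
    // Decode a few times so %3C and %253C are treated like a literal "<".
    for ($i = 0; $i < 3 && ($d = rawurldecode($value)) !== $value; $i++) {
        $value = $d;
    }
    foreach (BLOCKED_CHARS as $ch) {
        if (strpos($value, $ch) !== false) {
            return $ch;
        }
    }
    return null;
}

// Walk a parameter array, including nested ones such as filter[tag].
function first_rejected_param(array $params, string $prefix = ''): ?array
{
    foreach ($params as $key => $value) {
        $name = $prefix === '' ? (string) $key : $prefix . '[' . $key . ']';
        if (is_array($value)) {
            $hit = first_rejected_param($value, $name);
        } else {
            $ch = find_blocked_char((string) $value);
            $hit = $ch === null ? null : ['param' => $name, 'char' => $ch];
        }
        if ($hit !== null) {
            return $hit;
        }
    }
    return null;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample input so the file can be run offline.
    $_GET = ['q' => 'shoes', 'filter' => ['tag' => '%3Cb%3E']];
}
// The URL (GET) and the form (POST) go through the same check.
$hit = first_rejected_param($_GET) ?? first_rejected_param($_POST);
if ($hit !== null) {
    $ip = $_SERVER['REMOTE_ADDR'] ?? 'cli';
    error_log(sprintf('blocked input: param=%s char=%s ip=%s', json_encode($hit['param']), $hit['char'], $ip));
    http_response_code(400);
    exit("Invalid characters in input.\n");
}
```

A filter like this is one layer only: input that needs none of these characters, such as a value injected into a numeric parameter, still has to be stopped by escaping or parameterized queries where the SQL is built.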
So, as far as I am a PHP developer, I know about this function, so I made this tutorial to prevent SQL injection on PHP sites. I am assuming that there may be functions like this in .NET and Java. So, one must use it to secure a site by coding. Why pay extra money to a security analyst if PHP gives such good inbuilt functions like these?
Thank you Guys.
Contact Me :-
Facebook :-https://www.facebook.com/h4nDs0m3.dEviL
Twitter :- https://twitter.com/#!/FrogMode (Recommended To Follow Me)