Web forms security



andy16
09 Apr 2010, 09:35 AM
Hey guys,


I am fully aware of the basic security precautions in regards to input fields and "get" (from the URL). However, apart from inserting HTML/CSS/JavaScript code into a text field to change the look of a website and SQL injection, I am interested in knowing what else is possible; I know how to protect my site from this, but I would like a deeper understanding of which threats I am protecting my sites from, and what the consequences can be if I don't (again, excluding SQL injection). I am not asking you to tell me how to hack a website; I am just interested in knowing what else is possible for hackers to take advantage of if I did not deal with JavaScript code insertion in my text fields (I assume JavaScript is what is used the most?).

Say I have a login form on my website with unprotected fields, but no "gets" in my URL (forgot if there is another name for it, but no ?var=value in the URL) - which opportunities does the hacker have? Would it be possible to steal people's account information by providing them with a link with code in it if the site does not use "get"? Or some other way?


Thanks in advance!

Jason
09 Apr 2010, 11:51 AM
Check out this site.

http://phpsec.org/projects/guide/