Security Principles for PHP Applications by Eric Mann

Author: Eric Mann
Language: eng
Format: epub
Tags: Core Programming, Security
Publisher: php[architect]
Published: 2017-12-02T05:00:00+00:00


Stored XSS

The second form of Cross-Site Scripting attack involves storing the attacker’s payload in your own data store. This can happen merely because the application neglected to sanitize user input before writing it to disk. It’s rendered effective when the application also neglects to escape data coming from the database before printing it to the screen.

Note: Failing to sanitize input isn’t the only way a stored attack can occur. An attacker might be able to corrupt your data store by way of a side channel (another application on the server) or inject their malicious payload directly. It’s a good idea to always sanitize user data before persisting it to disk, but it’s even more important to ensure you properly escape the data when it’s pulled back out of storage for use in output.
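The following is an added illustration of the point above, not code from the book: a rendering routine that trusts stored rows beside one that escapes at output time. The rows are constructed sample data standing in for a query result, and `e()` is a hypothetical helper name.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for what a comments table might return.
// The second row models a payload that reached storage unsanitized, for
// example via another application writing to the same database.
$rowsFromDatabase = [
    ['author' => 'alice', 'body' => 'Great post, thanks!'],
    ['author' => '"><img src=x onerror=alert(1)>', 'body' => '<script>alert("stored")</script>'],
];

// Vulnerable rendering: interpolates stored data straight into HTML,
// assuming that whatever is in the database must already be safe.
function renderCommentUnsafe(array $row): string
{
    return "<li data-author=\"{$row['author']}\">{$row['body']}</li>";
}

// Escape at the point of output, for the HTML context the value lands in.
// ENT_QUOTES covers both quote styles so attribute values are safe too;
// ENT_SUBSTITUTE keeps invalid UTF-8 from collapsing the output to "".
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened rendering: same markup, every stored value escaped on the way out.
function renderCommentSafe(array $row): string
{
    return '<li data-author="' . e($row['author']) . '">' . e($row['body']) . '</li>';
}

foreach ($rowsFromDatabase as $row) {
    echo 'unsafe: ' . renderCommentUnsafe($row) . PHP_EOL;
    echo 'safe:   ' . renderCommentSafe($row) . PHP_EOL;
}
```

Running it shows the second row’s `<script>` and `onerror` payloads emitted verbatim by the unsafe version and neutralised as `&lt;script&gt;` and `&quot;&gt;` by the safe one, regardless of whether input was sanitized when it was stored.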
