Part 8 Lab Solutions 2
9 hours 31 minutes
Hello and welcome to the Cybrary secure coding course. My name is Sunny Wear, and this is the OWASP Top 10 for 2013 A3 cross-site scripting lab and solution.
This is the lab and solution for the WebGoat stored cross-site scripting exercise.
Now, in the lesson plan, it says it's always good practice to scrub all input, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries.
It's particularly important for content that will be permanently stored somewhere in the application.
Users should not be able to create message content that could cause another user to load an undesirable page or undesirable content when the user's message is retrieved.
And so what they're alluding to here is if I go ahead and type in a message,
people's cookie when they click on my message, right? And so here,
when someone goes to read my post and click my post, then they would become my victim.
Great. Okay, so I'm gonna hack your cookie.
The explanation here is that you basically do not want to allow users to be able to post anything. First of all, anything that's posted, you want to make sure it runs through input validation, especially before you decide to have it housed permanently inside of your database. And then likewise on the outbound, you want to make sure that anything you pull from the database, or pull from a file or someplace where it's contained permanently, if you're going to display that back out to your web application, make sure that you do your output encoding.
And so here we have received a credit for this particular lesson.
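The two controls described in the explanation above, as an added example that is not part of the lesson or of WebGoat's own code: input validation before a post is stored, and output encoding when it is displayed. The `MessageBoard` class, its limits and the sample post are assumptions made for illustration.

```python
import html
import re

MAX_TITLE = 80    # assumed limits, not taken from the lesson
MAX_BODY = 2000
# Control characters other than tab, CR and LF have no place in a forum post.
_CONTROL = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


class MessageBoard:
    """In-memory stand-in for the lesson's message store (hypothetical)."""

    def __init__(self):
        self._rows = []

    def post(self, title, body):
        # Inbound: validate before anything is stored permanently.
        for name, value, limit in (("title", title, MAX_TITLE),
                                   ("body", body, MAX_BODY)):
            if not isinstance(value, str) or not value.strip():
                raise ValueError(f"{name} is required")
            if len(value) > limit:
                raise ValueError(f"{name} exceeds {limit} characters")
            if _CONTROL.search(value):
                raise ValueError(f"{name} contains control characters")
        self._rows.append((title, body))
        return len(self._rows) - 1

    def render_unsafe(self, msg_id):
        # The flaw the lab shows: stored text is written into the page as markup.
        title, body = self._rows[msg_id]
        return f"<h3>{title}</h3><p>{body}</p>"

    def render(self, msg_id):
        # Outbound: encode for the HTML context at the moment of display.
        title, body = self._rows[msg_id]
        return (f"<h3>{html.escape(title, quote=True)}</h3>"
                f"<p>{html.escape(body, quote=True)}</p>")


def demo():
    board = MessageBoard()
    # Constructed sample post: it passes validation, yet it carries markup.
    msg_id = board.post("Great", "<script>alert(1)</script>")
    return board.render_unsafe(msg_id), board.render(msg_id)


if __name__ == "__main__":
    for page in demo():
        print(page)
```

The sample post passes validation because legitimate messages can contain `<` and `>`; it is the encoding in `render` that makes the browser show the stored text as text.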