a diagram that *clearly* shows the diff between input validation & output encoding, sprinkled w/overloaded terms that could mean either
Replying to @SushiDude
Just scrawl a giant "YES" over it. Or maybe a little "please do both" down in the corner.
1 reply 0 retweets 2 likes
Replying to @apiary
my complaint is many ppl assume they're the same e.g. "SQLi's an input validation problem" & ppl use "sanitize" for inpval *or* outenc
3 replies 1 retweet 1 like
Replying to @SushiDude @apiary
I once wrote a sermon about it for PoC||GTFO. Find it on pg. 76 of issue 0x12: https://www.alchemistowl.org/pocorgtfo/pocorgtfo12.pdf …
1 reply 3 retweets 3 likes
Replying to @andreasdotorg @SushiDude
This is beautiful. I have recently been preaching against the interloping Java Servlet Filters, and there's some hope on these pages.
1 reply 1 retweet 1 like
Replying to @apiary @andreasdotorg
definitely a much more entertaining and complete read than the O'Reilly example CWE-20/CWE-116 relationship notes :)
1 reply 0 retweets 0 likes
Thank you both, much appreciated. :)
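The distinction the thread is arguing about, as an added example that is not from any of the tweets: one allowlist check on the input value, one encoder for a single output context, and one parameterized query, to show that "sanitize" is not one operation and that SQLi is solved at query construction rather than by either of the other two. The username pattern and sample string are constructed for this illustration.

```python
"""Added example (not from the thread): input validation and output encoding
are two different controls, and neither is what fixes SQL injection.
Standard library only; the sample input below is constructed."""
import html
import re
import sqlite3

# Constructed input. Not a well-formed username; harmless in HTML only if
# encoded at output; harmless in SQL only if passed as a bound parameter.
SAMPLE = "O'Brien <b>x</b>"

# Allowlist for the *input* value: what a username is allowed to look like.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,16}$")


def validate_username(value: str) -> bool:
    """Input validation: answers "is this a well-formed username?".
    It says nothing about any output context; rejecting here is about
    data integrity, not about encoding."""
    return USERNAME_RE.fullmatch(value) is not None


def encode_for_html_text(value: str) -> str:
    """Output encoding: transform the value for one specific *output*
    context (an HTML text node) at the point it is emitted. The stored
    value stays intact; only its representation for this sink changes."""
    return html.escape(value, quote=True)


def lookup_display_name(name: str) -> list:
    """Neither control above is the SQLi fix. A bound parameter keeps the
    value as data however it is spelled, because query text is never
    built from it. Uses an in-memory SQLite table constructed here."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (display_name TEXT)")
    conn.execute("INSERT INTO users VALUES (?)", (name,))
    rows = conn.execute(
        "SELECT display_name FROM users WHERE display_name = ?", (name,)
    ).fetchall()
    conn.close()
    return [r[0] for r in rows]


if __name__ == "__main__":
    print("valid username:", validate_username(SAMPLE))
    print("HTML text node:", encode_for_html_text(SAMPLE))
    print("round-tripped:", lookup_display_name(SAMPLE))
```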