Reddit reviews Gray Hat Hacking : The Ethical Hacker's Handbook

We found 2 Reddit comments about Gray Hat Hacking : The Ethical Hacker's Handbook. Here are the top ones, ranked by their Reddit score.


2 Reddit comments about Gray Hat Hacking : The Ethical Hacker's Handbook:

u/Count_Herp_Von_Derp · 13 points · r/netsec

Sanitize all the inputs! I wasn't a coder so I had no idea how sanitization works, or whether all XSS can be stopped.

I once did an XSS exercise on an app where I just went through the XSS Cheat Sheet.

At first I did regular JavaScript. It was fixed. Then I did some hex-encoded JavaScript. Then finally... to prove a point I did some Unicode JavaScript. Simply sanitizing for each type of XSS encoding trick isn't enough.

\u003CXSS\u00A0STYLE\u003Dalert\u0028\u0022XSS\u0022\u0029\u003E

The above line gets decoded as this:

<XSS STYLE=alert("XSS")>

Nice Unicode conversion app:

http://rishida.net/tools/conversion/

---------------------------------------------

http://coding.smashingmagazine.com/2011/01/11/keeping-web-users-safe-by-sanitizing-input-data/

Prepared Statements:

http://stackoverflow.com/questions/687787/how-should-i-sanitize-database-input-in-java

Check out Grey Hat Hacker, the bit about client side browser stuff is cool.

Also: http://seclists.org/

Then there's always this: http://docs.oracle.com/javaee/5/tutorial/doc/bnbyk.html

Edit: formatting and stuff.
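The bypass the comment above describes, as an added example (not code from the Reddit comment, the linked articles, or the book): a blocklist that inspects the raw request for `<` passes the `\uXXXX`-escaped payload, because the dangerous characters only appear once something downstream decodes the escapes (JSON.parse, a templated `<script>` block, or a hand-rolled decoder like the one here). The `naiveBlocklist` and `escapeHtml` helpers are assumptions for illustration; the sounder fix they contrast is context-aware output encoding applied at the point the value is written into HTML, rather than pattern-matching the input.

```javascript
// Added example, not from the original page. Demonstrates why filtering the
// raw input for "<" misses a \uXXXX-escaped payload, and what to do instead.

// The payload from the comment, as the literal characters a request body
// would carry (backslash, 'u', four hex digits). String.raw keeps them raw.
const PAYLOAD = String.raw`\u003CXSS\u00A0STYLE\u003Dalert\u0028\u0022XSS\u0022\u0029\u003E`;

// Decode JavaScript/JSON-style \uXXXX escapes. Any later stage that treats
// the value as a JS string literal or JSON performs exactly this conversion.
function decodeUnicodeEscapes(s) {
  return s.replace(/\\u([0-9a-fA-F]{4})/g, (_, hex) =>
    String.fromCharCode(parseInt(hex, 16)));
}

// The same decoding done by a real parser: wrap the raw text in quotes and
// let JSON.parse interpret the escapes.
function decodeViaJson(s) {
  return JSON.parse('"' + s + '"');
}

// A naive "sanitizer" (hypothetical): accepts input only if it visibly
// contains no angle brackets and no on*= event-handler attribute.
function naiveBlocklist(s) {
  return !/[<>]/.test(s) && !/\bon\w+\s*=/i.test(s);
}

// Context-aware output encoding for an HTML text or quoted-attribute
// context: every character that can change the parser's state is escaped.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// Walk the payload through the three stages and report what each sees.
function demo() {
  const decoded = decodeUnicodeEscapes(PAYLOAD);
  return {
    rawPassesFilter: naiveBlocklist(PAYLOAD),   // true: no '<' in the raw text
    decoded,                                    // '<XSS\u00A0STYLE=alert("XSS")>'
    decodedPassesFilter: naiveBlocklist(decoded), // false: only after decoding
    escaped: escapeHtml(decoded),               // inert in an HTML context
  };
}

console.log(demo());
```

Run it with `node`: the raw payload sails through the blocklist, the decoded form is the tag shown in the comment, and `escapeHtml` applied to the decoded value is what survives contact with the HTML parser without executing. The `\u00A0` decodes to a non-breaking space, which the comment's rendered version shows as an ordinary space.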

u/jklmnb · -1 points · r/netsec

start here, continue here, report back in two months.