[Owasp-codereview] No input paths still not 100% secure?

Nam Nguyen namn at bluemoon.com.vn
Mon Jun 23 06:44:58 EDT 2008


Eoin wrote:
> I suppose all systems have some sort of data?
> be it from a user or a B2B system or from a legacy database, or a batch file
> feed?
> 
> The data has to come from somewhere and such data must be validated and the
> transactions relating to the input of such data must be examined.

Agreed.

However, the statement that we are discussing assumes that such a
system does not take in any data at all. In that sense, I could only
imagine "hello world". And how could "hello world" not be 100% secure?

Maybe I'm missing something here. By "input mechanism", do you only
consider inputs entered by a human, not taken from other systems?

Cheers
Nam

> 
> 
> 
> On 23/06/2008, Nam Nguyen <namn at bluemoon.com.vn> wrote:
>> Hi
>>
>> I'm reviewing the newly added chapter Transaction Analysis (or is it
>> Transactional Analysis?).
>>
>> This statement caught my eye and I kept pondering how it could be
>> exemplified.
>>
>> "Would systems lacking an input mechanism be 100% secure? Probably not."
>>
>> I mean, "hello world" is not 100% secure?
>>
>> Could someone share with me an example of such a vulnerable system please?
>>
>> Thanks
>> Nam


