[Owasp-delhi] input / output sanitization

Venkatesh.Jagannathan at cognizant.com
Mon Feb 1 00:55:28 EST 2010


Hi Suresh,

It does not matter whether you are talking about input sanitization or output sanitization.

 

And data that is used for framing the SQL needs to be validated, irrespective of its source. Even if the source is from within the database or is from any other trusted source, it is better to validate it from the database SQL perspective.

 

The same holds good for XSS as well.

 

Thanks & Regards,

Venkatesh Jagannathan (Venki) | Digital Security Practice | +91-91766 VENKI | 443037 | +91-44-47403000 x:443037 | http://www.cognizant.com | http://www.linkedin.com/in/heyvenki


+----------------------------------------------------------------------------+
| Thinking is the Capital, Enterprise is the way, Hard Work is the solution. |
|                       Avul Pakir Jainulabdeen Abdul Kalam - Ignited Minds. |
+----------------------------------------------------------------------------+

 

From: owasp-delhi-bounces at lists.owasp.org [mailto:owasp-delhi-bounces at lists.owasp.org] On Behalf Of suresh tiwary
Sent: Wednesday, January 27, 2010 3:25 PM
To: owasp-delhi at lists.owasp.org
Subject: [Owasp-delhi] input / output sanitization

 

Hi OWASP Delhi,

Could 'sanitization' (input sanitization) be an effective remedy for SQL injection?

For XSS, which is better, input sanitization or output sanitization?

Any industry standards for sanitizations?

Thanks & regards,
suresh
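
The point made in the reply above, that data read back from the database still needs checking before it is used to frame SQL, shown as an added example that is not part of the original thread. The table names, the allow-list pattern and the sample value are constructed assumptions, and the corrected form also binds the value as a parameter, which goes beyond the validation the reply mentions.

```python
import re
import sqlite3

# Constructed sample: a name stored safely (bound parameter) that still
# contains SQL metacharacters.
STORED_NAME = "x' OR '1'='1"
# Assumed allow-list for names; pick the pattern your own data model needs.
NAME_RE = re.compile(r"[A-Za-z0-9 _.-]{1,64}")


def make_db():
    """Build an in-memory database with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE profiles (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("CREATE TABLE orders (owner TEXT, item TEXT)")
    db.executemany("INSERT INTO profiles VALUES (?, ?)",
                   [(1, STORED_NAME), (2, "alice")])
    db.executemany("INSERT INTO orders VALUES (?, ?)",
                   [("alice", "laptop"), ("bob", "phone")])
    return db


def stored_name(db, profile_id):
    """Read the name back out of the database with a bound parameter."""
    row = db.execute("SELECT name FROM profiles WHERE id = ?",
                     (profile_id,)).fetchone()
    return row[0]


def orders_trusting_db(db, profile_id):
    """Weak form: the value is trusted because it came from the database."""
    sql = ("SELECT item FROM orders WHERE owner = '"
           + stored_name(db, profile_id) + "'")
    return sorted(row[0] for row in db.execute(sql))


def orders_validated(db, profile_id):
    """Corrected form: validate the stored value, then bind it."""
    name = stored_name(db, profile_id)
    if not NAME_RE.fullmatch(name):
        raise ValueError("stored name failed validation: %r" % name)
    rows = db.execute("SELECT item FROM orders WHERE owner = ?", (name,))
    return sorted(row[0] for row in rows)


if __name__ == "__main__":
    db = make_db()
    print(orders_trusting_db(db, 1))   # every owner's rows come back
    print(orders_validated(db, 2))     # only alice's rows
```
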


 



