[OWASP-GUIDE] Code Samples In

Gene McKenna mckenna at bluedot.com
Mon Jan 27 01:33:38 EST 2003


Finally ...

I've been busy. Work has taken me to places I didn't think
it would. I've been tucked away in an office at the World
Bank for the last two weeks. These guys are very security
conscious and I've proudly been telling them and the IMF
about the OWASP project.

But now ...

I have added source code samples for Data Input Validation
and SQL Injection Mitigation. Chapter 11, which discusses
these issues, has been rewritten somewhat and references to
the source code samples have been added. 

The source code samples are found in two new sections, 
Appendix B (appb.xml) and Appendix C (appc.xml). The
samples are for J2EE and Perl systems. Again, if anyone
is familiar with the Microsoft side of the world and
would like to add in those versions of the samples, that
would be very cool.

I still hope to add some source code samples for detecting
when a session has expired and a few options for what to
do about it. I could do this in J2EE only, as I don't think
session management is a standardized feature in Perl-based
CGIs.

Additionally, time permitting, I might extend the data
input validation to show an example of sanitizing the data
and I want to add code to show how to tell if a URL or 
hidden form data has been tampered with.

Other comments welcome.

GENE
