Discover Vendors/Products News
Bug Watch: Developers at fault
Many developers fail to understand the nuances of the HTTP protocol and assume that it is too difficult, or not worth the trouble, for an attacker to assault their custom application. Developers must assume that every packet of data not coming from the organisation's hosts and servers can be modified.
Infrequently, 'security aware' sites manage to correctly implement input validation rules for client data. Unfortunately, all client-side checking and data validation processes can be bypassed by an attacker using commonly available tools and methodologies.
The link for this article located at VNUNet is no longer available.