
Application Security

Application Security

Two More Ways to Protect Your Web Site from Uploaded Malware

May 29, 2017 | terrance | Comment(0)

If your website has to accept file uploads, you might already have read my previous blog posts about protecting your Java-based site or your PHP-based site. Those posts talked about how to make sure that the uploaded file was the kind of file you were expecting — a PDF, an Excel worksheet, a JPEG, and […]

Application Security PHP

4 Ways to Protect Your PHP Website from File Uploads

April 7, 2017 | terrance | Comment(0)

Introduction Does your PHP website need to accept uploads? Do you maybe let customers upload graphics, or maybe PDFs? If you do, I have good news, and bad news. First, the bad news: Accepting uploads is stunningly dangerous. There might be rogue code lurking in that JPG that could compromise your WordPress site (like CVE-2014-1905). […]

Application Security Java

Your Java Web App Allows Uploads? I Am SO Sorry!

March 14, 2017 | terrance | Comment(0)

Introduction Does your Java web application have to allow users to upload files? My condolences! Uploading a file to your web server is like inviting the Trojans to bring in their horse. A big horse, made of wood, that sounds suspiciously hollow. Except for whatever’s rolling around in there. In some cases, that’s literally what’s […]

Application Security

XSS – Sometimes a Threat Needs a Specific Response

February 17, 2017 | terrance | Comment(0)

Ordinarily, I try to stay away from defending against specific attacks. Instead, I prefer to write software that is resistant to attacks using generalized defenses like input protections. However, there are some cases where an attack is so pervasive and its results so devastating that it deserves its own set of defenses. Cross site scripting […]

Application Security PHP

Can’t Use Whitelists for your PHP Web App? Don’t Abandon Hope!

February 1, 2017 | February 16, 2017 | terrance | Comment(0)

In my last post, I refreshed your memory about how whitelists are a great way of protecting very focused Java web applications like financial systems. They’re not so great if you need to allow a wide range of input types, maybe even to the point of allowing customers to enter HTML tags. So what about PHP applications? If a […]
