Blocking malicious URLs

Monday, 4 August 2003, 12:17 AM EST

Many years ago, Tim Berners-Lee, father of the World Wide Web, spoke at a conference. His message was that URLs that users could decipher were a bad idea. Web applications should employ URLs that are deliberately complex—black boxes for which only the Web server has a key. That way, programmers could ensure and control the user experience.

This makes sense from a security perspective as well: Apart from exposing the underlying logic of Web applications in a way that invites exploits like SQL injection, easily apprehended URLs facilitate attacks based on legal but malicious HTTP requests designed to break a server. Many exploits on many Web servers—most often Microsoft IIS—have been based on URLs that were technically legal but employed buffer overflows or similar techniques.

[ Read more ]




Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Aug 27th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //