Blacklisting is prone to error, can be bypassed with various evasion techniques, and can be dangerous when depended on by itself. For example, a web application may block input that contains the exact text `<SCRIPT>` in order to help prevent XSS. However, this defense could be evaded with a lower case script tag or a script tag of mixed case.

Whitelisting or whitelist validation attempts to check that given data matches a set of "known good" rules. For example, a whitelist validation rule for a US state would be a 2-letter code that is only one of the valid US states. When building secure software, whitelisting is the recommended minimal approach.
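As an added example that is not part of the original text, the two approaches side by side: a naive blacklist that rejects only the exact text `<SCRIPT>` (and so misses the case variants described above), and a whitelist for the US state code that accepts only a two-letter value from a known-good set. The state list is constructed here; the function names are assumptions.

```python
import re

# Constructed sample: the two-letter postal codes of the 50 US states.
US_STATES = frozenset("""
AL AK AZ AR CA CO CT DE FL GA HI ID IL IN IA KS KY LA ME MD
MA MI MN MS MO MT NE NV NH NJ NM NY NC ND OH OK OR PA RI SC
SD TN TX UT VT VA WA WV WI WY
""".split())


def blacklist_rejects(value: str) -> bool:
    """Naive blacklist: reject input only if it contains the exact text
    '<SCRIPT>'. Deliberately weak, to mirror the flawed check in the text:
    a lower-case or mixed-case tag slips straight through."""
    return "<SCRIPT>" in value


def whitelist_state(value: str) -> bool:
    """Whitelist: accept only a value that is exactly two upper-case letters
    AND one of the known-good state codes. Anything else, including any
    script tag in any case, is rejected without having to enumerate it."""
    return re.fullmatch(r"[A-Z]{2}", value) is not None and value in US_STATES


def whitelist_state_normalized(value: str) -> bool:
    """Same whitelist rule applied after canonicalising the input (trim
    whitespace, upper-case), so ' ca ' is accepted as 'CA' while the
    accepted set itself stays exactly the known-good codes."""
    return whitelist_state(value.strip().upper())
```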