InfoSec Institute – IT Training and Information Security Resources – SQL Injection through HTTP Headers.
Security is an important consideration if you write server-side code in any capacity. Leaving clients exposed does a disservice to everyone involved, and doing the best job you can to protect the systems you build should be a high priority for us all. I try to follow that by staying up to date with best practices and reading what I can about Web app security. This article got me thinking.
We’re (more or less) well acquainted with input sanitization and working towards XSS prevention, but it’s rare to read about the risks that come with headers and cookies. Reading headers and cookies on the server is nearly as routine as reading request parameters, so we should treat those values with the same suspicion as any other untrusted input: a header value that ends up in a SQL statement is an injection vector just like a form field.
With the browser tools and extensions available to us today, it’s trivial for a client to modify anything it sends to the server, headers and cookies included. Keep that in mind when you’re building your next Web app.
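To make the point concrete, here is an added example (not code from the original post or from the InfoSec Institute article) that logs the `User-Agent` header to a database in two ways. The unsafe version pastes the header text into the SQL statement; the hardened version binds it as a parameter. The sample header value is constructed for the demo; in a real handler it would come from the request (for example Flask's `request.headers.get("User-Agent")`). SQLite is used only so the example runs offline.

```python
import sqlite3

# Constructed sample header value. An apostrophe is perfectly legal in a
# User-Agent string, and a client can send anything here anyway.
SAMPLE_USER_AGENT = "Mozilla/5.0 (X11; Linux x86_64) O'Brien-Browser/1.0"


def make_db():
    """In-memory table standing in for a real visit log."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE visits (id INTEGER PRIMARY KEY, user_agent TEXT)")
    return conn


def log_visit_unsafe(conn, user_agent):
    """Vulnerable: the header text becomes part of the SQL itself, so any
    quote or SQL syntax it carries is interpreted by the database engine."""
    sql = "INSERT INTO visits (user_agent) VALUES ('%s')" % user_agent
    conn.execute(sql)
    conn.commit()


def log_visit_safe(conn, user_agent):
    """Hardened: the header travels as a bound parameter. The driver keeps
    it as data, so it can never change the shape of the statement."""
    conn.execute("INSERT INTO visits (user_agent) VALUES (?)", (user_agent,))
    conn.commit()


def stored_user_agents(conn):
    """Return every logged User-Agent, in insertion order."""
    return [row[0] for row in conn.execute("SELECT user_agent FROM visits ORDER BY id")]


def demo(user_agent=SAMPLE_USER_AGENT):
    """Run both versions against the same header value and report what happened."""
    results = {}
    conn = make_db()
    try:
        log_visit_unsafe(conn, user_agent)
        results["unsafe"] = "stored"
    except sqlite3.Error:
        # The single quote terminated the string literal early; the rest of
        # the header was parsed as SQL and the statement failed. With a less
        # benign value the statement would not fail, it would do something else.
        results["unsafe"] = "error"
    log_visit_safe(conn, user_agent)
    results["safe"] = stored_user_agents(conn)
    return results


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the unsafe path raising a syntax error on an ordinary header value, while the parameterized path stores the same value verbatim. The fix is the same one you would apply to a query-string parameter: never build SQL text from anything the client sent, whether it arrived in the body, the URL, a cookie, or a header.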