Chapter 9. Mitigating bypasses and attacks
Information in this chapter:
• Protecting Against Code Injections
Thus far in this book, the discussion has centered on how to break existing filters, create strings that bypass firewall and filter rules, and trick devices into doing things they are not supposed to do. The focus has been on offensive rather than defensive computing, on the premise that it is more beneficial for developers to know how to attack a Web application than to blindly learn how to defend it. In this chapter, the authors deviate from that course a bit and focus on defensive computing. In particular, the authors teach and discuss best practices ...