Difference between revisions of "User:Neil Smithline"

From OWASP
Jump to: navigation, search
 
(5 intermediate revisions by the same user not shown)
Line 8: Line 8:
 
* [https://twitter.com/#!/neil_smithline Twitter]
 
* [https://twitter.com/#!/neil_smithline Twitter]
 
* [http://www.linkedin.com/profile/view?2519386 LinkedIn]
 
* [http://www.linkedin.com/profile/view?2519386 LinkedIn]
 +
<br/><br/>
 +
<hr/>
 +
<hr/>
 +
Everything below this line is test wiki markup and should be ignored.
 +
 +
I know that the bullets are duplicated. This is only a formatting test, not content.
 +
 +
<div style="
 +
background-image: linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%);
 +
background-image: -o-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%);
 +
background-image: -moz-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%);
 +
background-image: -webkit-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%);
 +
background-image: -ms-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%);
 +
 +
background-image: -webkit-gradient(
 +
linear,
 +
left bottom,
 +
left top,
 +
color-stop(0.34, #86E86A),
 +
color-stop(0.97, #CEF5D2)
 +
);
 +
padding: 5px 10px 5px 10px;
 +
border:2px solid #A1A1A1;
 +
border-radius:15px;
 +
-moz-border-radius:15px;
 +
font-size: 100%;
 +
font-weight: normal;
 +
text-align: left;
 +
line-height: 1em;
 +
position: relative;
 +
">
 +
[[{{Top_10:LanguageFile|text=documentRootTop10|year=2013|language=en}}-A1-{{Top_10_2010:ByTheNumbers|1|year=2013|language=en}} |
 +
A1-{{Top_10_2010:ByTheNumbers|1|year=2013|language=en}}
 +
]]
 +
:Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
 +
{{Top 10:GrayBoxEnd|year=2013}}
 +
 +
<br/>
 +
 +
<div style="
 +
background-image: linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%);
 +
background-image: -o-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%);
 +
background-image: -moz-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%);
 +
background-image: -webkit-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%);
 +
background-image: -ms-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%);
 +
 +
background-image: -webkit-gradient(
 +
linear,
 +
left bottom,
 +
left top,
 +
color-stop(0.34, #86E86A),
 +
color-stop(0.97, #CEF5D2)
 +
);
 +
padding: 5px 10px 5px 10px;
 +
border:2px solid #A1A1A1;
 +
border-radius:15px;
 +
-moz-border-radius:15px;
 +
font-size: 100%;
 +
font-weight: normal;
 +
text-align: left;
 +
line-height: 1em;
 +
position: relative;
 +
"
 +
 +
>
 +
[[{{Top_10:LanguageFile|text=documentRootTop10|year=2013|language=en}}-A2-{{Top_10_2010:ByTheNumbers|2|year=2013|language=en}} |
 +
A2-{{Top_10_2010:ByTheNumbers|2|year=2013|language=en}}
 +
]]
 +
:XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.
 +
{{Top 10:GrayBoxEnd|year=2013}}
 +
 +
<br/>
 +
<div style="
 +
background-image: linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%);
 +
background-image: -o-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%);
 +
background-image: -moz-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%);
 +
background-image: -webkit-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%);
 +
background-image: -ms-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%);
 +
 +
background-image: -webkit-gradient(
 +
linear,
 +
left bottom,
 +
left top,
 +
color-stop(0.34, #86E86A),
 +
color-stop(0.97, #CEF5D2)
 +
);
 +
padding: 5px 10px 5px 10px;
 +
border:2px solid #A1A1A1;
 +
border-radius:15px;
 +
-moz-border-radius:15px;
 +
font-size: 100%;
 +
font-weight: normal;
 +
text-align: left;
 +
line-height: 1em;
 +
position: relative;
 +
">
 +
[[{{Top_10:LanguageFile|text=documentRootTop10|year=2013|language=en}}-A1-{{Top_10_2010:ByTheNumbers|1|year=2013|language=en}} |
 +
A1-{{Top_10_2010:ByTheNumbers|1|year=2013|language=en}}
 +
]]
 +
:Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
 +
{{Top 10:GrayBoxEnd|year=2013}}
 +
 +
<br/>
 +
 +
<div style="
 +
background-image: linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%);
 +
background-image: -o-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%);
 +
background-image: -moz-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%);
 +
background-image: -webkit-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%);
 +
background-image: -ms-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%);
 +
 +
background-image: -webkit-gradient(
 +
linear,
 +
left bottom,
 +
left top,
 +
color-stop(0.34, #86E86A),
 +
color-stop(0.97, #CEF5D2)
 +
);
 +
padding: 5px 10px 5px 10px;
 +
border:2px solid #A1A1A1;
 +
border-radius:15px;
 +
-moz-border-radius:15px;
 +
font-size: 100%;
 +
font-weight: normal;
 +
text-align: left;
 +
line-height: 1em;
 +
position: relative;
 +
"
 +
 +
>
 +
[[{{Top_10:LanguageFile|text=documentRootTop10|year=2013|language=en}}-A2-{{Top_10_2010:ByTheNumbers|2|year=2013|language=en}} |
 +
A2-{{Top_10_2010:ByTheNumbers|2|year=2013|language=en}}
 +
]]
 +
:XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.
 +
{{Top 10:GrayBoxEnd|year=2013}}

Latest revision as of 18:01, 27 August 2014

Neil Smithline has been writing client-server applications for nearly 20 years. Most recently he has specialized in application server security. Neil contributed to both the Top 10 2007 and Top 10 2010 documents. He was also the Wiki editor for both of them.

For more information about Neil, visit his homepage which includes contact information, a pointer to his resume, his blog, and other tidbits.

If you just wish to send him an email, you can contact him at username@owasp.org replacing username with neil.smithline.





Everything below this line is test wiki markup and should be ignored.

I know that the bullets are duplicated. This is only a formatting test, not content.

A1-Injection

Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.


A2-Broken Authentication and Session Management

XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.


A1-Injection

Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.


A2-Broken Authentication and Session Management

XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.