[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [WEB SECURITY] Client-side validation in 2007?

From: "Dennis Groves" <dennis.groves@xxxxxxxxx>
Subject: Re: [WEB SECURITY] Client-side validation in 2007?
Date: Sat, 13 Jan 2007 12:50:53 -0700

On 1/12/07, Martin O'Neal <martin.oneal@xxxxxxxxxxxx> wrote:


> how many people still find web applications using
> client-side validation being used for such things...

We still see many that have no validation and instead rely on the
database to enforce length and type (blurgh), but only a few that have
client-side only validation.

I would say the percentage of applications that we review that validate
thoroughly at all entry points (and respond appropriately) is less than
5%.

Martin...


Really? 5% I am not certain that I have ever even seen 1.

Dennis Groves

---------------------------------------------------------------------------- The Web Security Mailing List: http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/archive/ http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

References:
- [WEB SECURITY] Client-side validation in 2007?
  - From: Kurt Grutzmacher

Prev by Date: RE: [WEB SECURITY] Client-side validation in 2007?
Next by Date: [WEB SECURITY] Call for Participation - WASC Distributed Open Proxy Honeypot Project
Previous by thread: RE: [WEB SECURITY] Client-side validation in 2007?
Next by thread: [WEB SECURITY] Call for Participation - WASC Distributed Open Proxy Honeypot Project
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site