Friday, October 31, 2008

Common security issues in XML, XSLT, XSD files

Here are some of the issues related to XML, XSLT and XSD. I know it is a very rough list.

· Validate all user input for XML/HTML/script tags (XML injection).

· Before creating an XML document, data should be properly encoded to avoid XML injection. (A hacker can inject malicious script in the CDATA section.)

· XML data should be validated using a native .NET class to ensure that it does not contain any malicious data.

· Serving XML/XSLT/XSD files over HTTP

· Clear text secrets in XML files

· XML Output Escaping Turned off

· XML files in the web root

· SQL injection using unvalidated user inputs.

Interesting Example!!! Security ROI: Fact or Fiction?

Airport security. Assume that all the new airport security measures increase the waiting time at airports by—and I'm making this up—30 minutes per passenger. There were 760 million passenger boardings in the United States in 2007. This means that the extra waiting time at airports has cost us a collective 43,000 years of extra waiting time. Assume a 70-year life expectancy, and the increased waiting time has "killed" 620 people per year—930 if you calculate the numbers based on 16 hours of awake time per day. So the question is: If we did away with increased airport security, would the result be more people dead from terrorism or fewer?

From CSOnline.