Hackers of India

(secure) SiteHoster – Disable XSS & SQL Injection

By Abhishek Kumar on 25 Feb 2011 @ Nullcon


Presentation Material

nullcon 2011 - (secure) SiteHoster – Disable XSS & SQL Injection from n|u - The Open Security Community

Abstract

“Let Security Be Served By Web Server”; don’t push it on the Web Developer.

Background Information: Here, I’m suggesting a method using which the Web Developer wouldn’t have to worry about user input validation to prevent XSS attacks, and the User wouldn’t have to block JavaScript in their browser, as this will subvert all the <SCRIPT/> not introduced by the Web Developer. I’ll be using my Web Server just to show my PoC, as I’ve already implemented the required module in my Web Server. I’ve been working on a Web Server, ‘ABK (secure) SiteHoster’, hosted at: http://sourceforge.net/projects/sitehoster