fake_Bezawada, Posted July 7, 2016

In web services we now get a JSON response from ajax or some JS, right? If there is SQL injection in it, how do you validate it? If anyone knows this well, please help me.

fake_Bezawada (Author), Posted July 7, 2016

> 1 hour ago, Dustbin said: Want this, want this

Tell me if you know, brother. Say that during user validation someone writes a query in the text of an input field in JS and sends it to the backend. We pass it directly into Hibernate criteria, then it constructs the string as a query and hits the DB, and the DB breaks. How do we avoid things like that, and how do we validate?

Dustbin, Posted July 7, 2016

> 46 minutes ago, fake_Bezawada said: Tell me if you know, brother. Say that during user validation someone writes a query in the text of an input field in JS and sends it to the backend. We pass it directly into Hibernate criteria, then it constructs the string as a query and hits the DB, and the DB breaks. How do we avoid things like that, and how do we validate?

Brother, I only LTT'd the thread; I haven't studied that much.

fake_Bezawada (Author), Posted July 7, 2016

> Just now, Dustbin said: Brother, I only LTT'd the thread; I haven't studied that much.

So you are just like me too; then both of us are in the same situation, bro.

Dustbin, Posted July 7, 2016

> 1 minute ago, fake_Bezawada said: So you are just like me too; then both of us are in the same situation, bro.

You said Java, you said SQL, you said injection, and then you said you are like me; the machine is screaming.

DannyArcher, Posted July 7, 2016

> 2 hours ago, fake_Bezawada said: In web services we now get a JSON response from ajax or some JS, right? If there is SQL injection in it, how do you validate it? If anyone knows this well, please help me.

There are many; AFAIK these are the key points to take care of:

1) After receiving the response, validate the data type of the value before sending it to the database server.
2) Avoid using functions like eval, etc., which execute "JS script" present in the JSON. Instead, use parse and string functions to work on the JSON data.

fake_Bezawada (Author), Posted July 7, 2016

> 3 minutes ago, DannyArcher said: There are many; AFAIK these are the key points to take care of: 1) After receiving the response, validate the data type of the value before sending it to the database server. 2) Avoid using functions like eval, etc., which execute "JS script" present in the JSON. Instead, use parse and string functions to work on the JSON data.

The data type part is fine, bro; integer, float etc. can be handled well enough. But the query arrives in String form, so how do we identify that? If you have any sample in code, could you share it?

DannyArcher, Posted July 7, 2016

> 2 minutes ago, fake_Bezawada said: The data type part is fine, bro; integer, float etc. can be handled well enough. But the query arrives in String form, so how do we identify that? If you have any sample in code, could you share it?

Go through the second point. Use parse or stringify functions to work on the response JSON data. There are lots of examples on the Internet, please check.

fake_Bezawada (Author), Posted July 7, 2016

> 30 minutes ago, DannyArcher said: Go through the second point. Use parse or stringify functions to work on the response JSON data. There are lots of examples on the Internet, please check.

Drop me one good link, bro, pleaseeeee. I won't go near your CBN and Balayya threads for a week.

SANANTONIO, Posted July 7, 2016

For dynamic/static risks like these it is better to follow the OWASP guidelines; we used them for cross-site scripting, SQL injection etc. Try following https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet. Rather than changing the whole code, it gets done with minimal changes using the ESAPI encoding technique.

Answer, Posted July 7, 2016

Use named parameters, bro. I think it might solve your question.
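
An added example, not part of any post in the thread: the type check from DannyArcher's first point and the named parameters suggested in the last reply, shown next to the string-concatenated query the question describes. It uses Python's built-in sqlite3 instead of Hibernate so that it runs stand-alone; the table, the `name` field and both request bodies are constructed for illustration.

```python
import json
import sqlite3

def make_db():
    """In-memory table with constructed sample users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    db.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                   [("ravi", "user"), ("sita", "user"), ("admin", "admin")])
    return db

def parse_request(body):
    """Parse the JSON body and check the field's type (point 1 in the thread)."""
    data = json.loads(body)  # a parser, never eval (point 2 in the thread)
    if not isinstance(data, dict):
        raise ValueError("expected a JSON object")
    name = data.get("name")
    if not isinstance(name, str) or not 1 <= len(name) <= 64:
        raise ValueError("name must be a string of 1-64 characters")
    return name

def find_concatenated(db, name):
    """Vulnerable: the value becomes part of the SQL text."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [r[0] for r in db.execute(sql)]

def find_named(db, name):
    """Hardened: :name is bound as data and is never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = :name"
    return [r[0] for r in db.execute(sql, {"name": name})]

# Constructed request bodies: one ordinary, one carrying SQL in a string field.
NORMAL = '{"name": "ravi"}'
HOSTILE = '{"name": "x\' OR \'1\'=\'1"}'

if __name__ == "__main__":
    db = make_db()
    for body in (NORMAL, HOSTILE):
        name = parse_request(body)  # both pass: each is a valid string
        print(repr(name), find_concatenated(db, name), find_named(db, name))
```

The hostile body passes the type check because it is a valid string, so the check alone does not stop it; binding the value is what keeps it out of the query text. In Hibernate the same binding is done with a `:name` placeholder in the query and `setParameter`.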