Tuesday, October 16, 2007

Welcome to my blog!

Hi, and welcome to my blog! I've wanted to have a blog for a while now, but I have finally mustered the courage to actually create one. I will attempt to be as least boring as possible, but no promises. BTW, if you're not a total nerd like I am, this site will serve as an excellent cure for insomnia. Anyway, on to my first post.

It seems that the topic of the day, every day, is information security. Rarely does a day go by when I don't hear about having to perform code reviews because an application may have been the cause of a server breach -- or something along those lines. Web developers today have a growing number of attack vectors to be wary of -- XSS attacks, SQL injection, etc. Of all of these, the first place a potential hacker usually starts is with form fields, using them to pass unexpected values to an application. As a web developer, you should try to anticipate any and every form of malicious data being passed to the application via HTTP GET or POST requests. A handy tool that I use when writing code is the Tamper Data plug-in for Firefox.

When you are running Tamper Data, it intercepts every form submission and server request and asks whether you'd like to tamper with the data before it is sent to the server. This is an excellent way to test various types of input in POST requests, where the values aren't as freely available to play with as they are in GET requests (which sit right in the URL). It is also a good lesson for burgeoning web developers: just because you set a form's method to POST doesn't mean people can't change the values after the form is submitted, and the only place you can actually enforce your rules is on the server!
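As an added example (not from the original post), here is the server-side counterpart of that lesson: a hypothetical order-form handler in Python that re-checks every POST field against the server's own rules and catalogue instead of trusting whatever the browser sent. The field names, the catalogue and the sample request bodies are all constructed for illustration.

```python
from urllib.parse import parse_qs

# Constructed server-side catalogue (prices in cents). The price always comes
# from here; a "price" or "total" field arriving in the POST body is a red flag.
CATALOG = {"widget": 1999, "gadget": 4999}
EXPECTED_FIELDS = {"item", "qty"}   # the only fields the form legitimately sends
MAX_QTY = 10


def validate_order(raw_body: str) -> dict:
    """Validate an application/x-www-form-urlencoded POST body for the order form.

    Returns {"ok": True, "item", "qty", "total"} for a clean request, or
    {"ok": False, "errors": [...]} listing every rule the request violated.
    """
    fields = parse_qs(raw_body, keep_blank_values=True)
    errors = []

    # Anything beyond the fields we designed (e.g. a tampered-in "price") is rejected.
    unexpected = set(fields) - EXPECTED_FIELDS
    if unexpected:
        errors.append("unexpected field(s): " + ", ".join(sorted(unexpected)))

    # A field supplied twice ("qty=1&qty=99") is ambiguous; reject rather than guess.
    if any(len(values) != 1 for values in fields.values()):
        errors.append("duplicate field value(s)")

    # The item must be one we actually sell: an allow-list, not a blacklist of bad strings.
    item = fields.get("item", [""])[0]
    if item not in CATALOG:
        errors.append("item: not in catalogue")

    # Quantity must be a plain positive integer in range, regardless of any
    # <select> or maxlength limits the HTML form may have had.
    qty_raw = fields.get("qty", [""])[0]
    if not qty_raw.isdigit() or not (1 <= int(qty_raw) <= MAX_QTY):
        errors.append("qty: must be an integer between 1 and %d" % MAX_QTY)

    if errors:
        return {"ok": False, "errors": errors}
    qty = int(qty_raw)
    # The total is recomputed from server-side data, never taken from the client.
    return {"ok": True, "item": item, "qty": qty, "total": CATALOG[item] * qty}


if __name__ == "__main__":
    # Constructed sample bodies: one normal submission and three tampered ones.
    for body in ("item=widget&qty=2", "item=widget&qty=-5",
                 "item=gadget&qty=1&price=1", "item=%27+OR+1%3D1--&qty=1"):
        print(body, "->", validate_order(body))
```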

I know this was kind of an uber-techy post and I will try to post more about technologies that are useful to everyone, but this is one of my favorite plug-ins!
