Tweet What is it and why should I care? HTTP Parameter Pollution (HPP) is a technique that allows you to “override or add HTTP GET/POST parameters by injecting query string delimiters”. This term was created and popularized by a 2009 paper that showed you could tinker with request parameters, specifically by sending the same parameter […]
Tweet What is it and why should I care? Caching is a mechanism by which browsers and proxy servers store local copies of remote objects in order to improve performance of the system by not having to fetch these items repeatedly. (That’s actually a decent description of caching in general.) Caching is wonderful for performance, […]
Tweet What is it and why should I care? While trust spawns interesting philosophical discussions, here I want to discuss the implications of trust within the applications we build. Trust is a funny thing in that we implicitly give it frequently without considering what we’re trusting. A simple example: //bad bad do not use executeDbQuery(“select […]
Tweet What is it and why should I care? Reducing the attack surface of an application or system means reducing the ways that you can interact with the application, and may involve reducing the functionality the application provides. To most business folks, this sounds very, very bad. However, at its’ core, it’s really just a […]
Tweet What is it and why should I care? Application layer intrusion detection is a simple concept that I believe is very, very powerful when it comes to protecting applications. Most of the topics I’ve covered thus far have focused on the development portion of the software life-cycle, but this topic really covers the entire […]