<$BlogRSDURL$>

Random notes from yet another Finnish nerd. This blog reflects mostly my life with computers and stuff, rather than my real life.

May 01, 2004

After reading an article on mobile phone blogging I finally decided to roll my own blog. Expect to find more or less useless thoughts on computers, photography etc. here.

Microsoft Dev Days took place last thursday. The emphasis was on programming secure code. Some hands-on examples were actually quite good stuff. The coverage however could've been more thorough. Examples included standard exploits such as SQL injection (e.g. text ''; drop table address --' typed into a web app's search input field) and cross site scripting (e.g. text <script>location.href='spammer.com'</script> typed when creating a new record in some web app. This gets run by some one else's browser unless the output was properly HTML encoded).
Comments: Post a Comment

This page is powered by Blogger. Isn't yours?