Request Tamper Prevention.


Fancy name, isn't it? I just invented it on the spot; it actually has to do with the new .htaccess I use. I wrote this over the weekend and tried to make it as small as possible. How about 17 lines that can save you a lot of headaches? I've used a similar system for a long time and it really works. SQL injection and HTML and JavaScript injection are impossible this way. Sure, you can inject Swahili. But you can't launch an attack, and that is the whole point. I am no fan of intrusion detection systems alone. Most of them generate only logs and often they don't block the request. Funny, because you ought to block it because someone is messing with your system. Anyway, it prevents nearly any tampering and possible future XSS and SQL worms, and unknown attacks. I am a huge fan of simplicity.

