From the course: CISSP Cert Prep (2021): 8 Software Development Security


Output encoding


- [Instructor] Output encoding is an important technique used to protect applications against potentially malicious input, such as that used in SQL injection and cross-site scripting attacks. The basic premise of output encoding is to take a potentially dangerous character and replace it with an equivalent string that produces the same result for the end user, but doesn't have the risk of maliciously manipulating the application. We can use two different types of encoding: HTML encoding uses an ampersand notation, and it's used for encoding values in a web document. URL encoding uses a percent sign notation, and it's used for encoding values in a web address. There were some very common values that we output encode. The less than symbol, used in HTML tag-based attacks such as cross-site scripting, is HTML encoded as `&lt;` and it's URL encoded as `%3c`, while the greater than symbol is HTML encoded as `&gt;` and URL encoded…
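The two encodings described above, applied to one untrusted value that lands in two different contexts of the same page. This is an added example, not part of the course material; the function names, the `/search?q=` path and the sample input are assumptions made for illustration.

```javascript
// Added example (not from the course). All names and inputs are constructed.

// HTML encoding: ampersand notation, for values placed in HTML text
// or inside a quoted attribute value.
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;",
};

function htmlEncode(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// URL encoding: percent notation, for a value placed in one URL component.
// encodeURIComponent leaves ! ' ( ) * untouched, so they are encoded here too.
// Hex digits come out uppercase (%3C); %3c and %3C decode to the same byte.
function urlEncode(value) {
  return encodeURIComponent(String(value)).replace(
    /[!'()*]/g,
    (ch) => "%" + ch.charCodeAt(0).toString(16).toUpperCase()
  );
}

// The same untrusted term is written into two contexts:
//   1. a query parameter inside the href (URL-encode, then HTML-encode the
//      finished URL because it sits in an HTML attribute), and
//   2. the visible link text (HTML-encode only).
function renderSearchLink(term) {
  const href = "/search?q=" + urlEncode(term);
  return '<a href="' + htmlEncode(href) + '">Results for ' +
    htmlEncode(term) + "</a>";
}

// Constructed sample input containing tag and quote characters.
const sample = '<i>Tom & Jerry\'s "best"</i>';

console.log(htmlEncode(sample));
console.log(urlEncode(sample));
console.log(renderSearchLink(sample));
```

The encoder is chosen by where the value is written, not by where it came from: the link text gets HTML encoding only, while the query parameter is URL encoded before the finished URL is HTML encoded for the attribute.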
