Merge pull request #49313 from tnir/tn-replace-firebug-in-security-guides [ci-skip]
doc: Firebug was replaced by Firefox/Chrome DevTools
commit
ebcd7233ea
@ -579,7 +579,7 @@ This is alright for some web applications, but certainly not if the user is not
|
||||
|
||||
Depending on your web application, there will be many more parameters the user can tamper with. As a rule of thumb, _no user input data is secure, until proven otherwise, and every parameter from the user is potentially manipulated_.
|
||||
|
||||
Don't be fooled by security by obfuscation and JavaScript security. Developer tools let you review and change every form's hidden fields. _JavaScript can be used to validate user input data, but certainly not to prevent attackers from sending malicious requests with unexpected values_. The Firebug addon for Mozilla Firefox logs every request and may repeat and change them. That is an easy way to bypass any JavaScript validations. And there are even client-side proxies that allow you to intercept any request and response from and to the Internet.
|
||||
Don't be fooled by security by obfuscation and JavaScript security. Developer tools let you review and change every form's hidden fields. _JavaScript can be used to validate user input data, but certainly not to prevent attackers from sending malicious requests with unexpected values_. DevTools log every request and may repeat and change them. That is an easy way to bypass any JavaScript validations. And there are even client-side proxies that allow you to intercept any request and response from and to the Internet.
|
||||
|
||||
Injection
|
||||
---------
|
||||
|
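Review bot: In the replaced sentence of this hunk, the new wording "DevTools log every request" introduces a second name for what the same paragraph already calls "Developer tools" two sentences earlier, and it drops the browser context that the commit title ("Firefox/Chrome DevTools") carries. Suggest "Browser developer tools log every request and may repeat and change them" so the term is consistent within the paragraph and a reader new to the guide knows which tools are meant. The surrounding point, that JavaScript validation cannot prevent requests with unexpected values, is untouched by the change and still follows from the new sentence.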