Wednesday, November 22, 2017

What is csrf and xss clean?

          CSRF :

Cross-site request forgeries are a type of malicious exploit whereby unauthorized commands are performed on behalf of an authenticated user.

Laravel automatically generates a CSRF "token" for each active user session managed by the application. This token is used to verify that the authenticated user is the one actually making the requests to the application

XSS clean :

the attack is basically a type of code injection attack which is made possible by incorrectly validating user data, which usually gets inserted into the page through a web form or using an altered hyperlink. The code injected can be any malicious client-side code, such as JavaScript, VBScript, HTML, CSS, Flash, and others. The code is used to save harmful data on the server or perform a malicious action within the user’s browser.

Unfortunately, cross-site scripting attacks occurs mostly, because developers are failing to deliver secure code. Every PHP programmer has the responsibility to understand how attacks can be carried out against their PHP scripts to exploit possible security vulnerabilities. Reading this article, you’ll find out more about cross-site scripting attacks and how to prevent them in your code.

Preventing Cross-Site Scripting Attacks

  •     Data Validation

  •     Data Sanitization

  •     Output Escaping

  • Htmlspecialchars :

    • The htmlspecialchars() function converts some predefined characters to HTML entities.

  • HTML entities

    • The htmlentities() function converts characters to HTML entities.

  • Strip_tags

    • The strip_tags() function strips a string from HTML, XML, and PHP tags.

    • Note: HTML comments are always stripped. This cannot be changed with the allow parameter.

    • Note: This function is binary-safe.

      --------------------------------------------------------------------------------------------

       

Trim()

The trim() function removes whitespace and other predefined characters from both sides of a string.


ltrim() - Removes whitespace or other predefined characters from the left side of a string

rtrim() - Removes whitespace or other predefined characters from the right side of a string

No comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...