Wednesday, November 22, 2017

What is CSRF and XSS clean?

CSRF :

Cross-site request forgery is a type of malicious exploit whereby unauthorized commands are submitted to an application on behalf of an authenticated user, typically by tricking the user's browser into sending a request the user never intended.

Laravel automatically generates a CSRF "token" for each active user session managed by the application. This token is used to verify that the authenticated user is the one actually making the requests to the application. The token has to be sent back with every state-changing request, either as a hidden `_token` form field (Blade's `{{ csrf_field() }}` helper renders it) or in the `X-CSRF-TOKEN` header for AJAX calls; the `VerifyCsrfToken` middleware rejects POST, PUT, PATCH and DELETE requests whose token is missing or wrong. GET requests are not checked, so never perform a state change on a GET route.
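The synchronizer-token pattern that the middleware implements, written out in plain PHP as an added illustration (this is not Laravel's own code; the `$session` array stands in for the real session store, and the request arrays are constructed for the demo):

```php
<?php
// Added example, not Laravel's implementation: the synchronizer-token
// pattern behind VerifyCsrfToken. $session is a constructed stand-in
// for the server-side session store.

declare(strict_types=1);

$session = [];

// One unpredictable token per session, created on first use.
function csrfToken(array &$session): string
{
    if (empty($session['_token'])) {
        $session['_token'] = bin2hex(random_bytes(32));
    }
    return $session['_token'];
}

// What {{ csrf_field() }} renders into a form.
function csrfField(array &$session): string
{
    return '<input type="hidden" name="_token" value="'
        . htmlspecialchars(csrfToken($session), ENT_QUOTES, 'UTF-8') . '">';
}

// The check the middleware performs on POST/PUT/PATCH/DELETE.
// hash_equals() avoids leaking the token through timing differences.
function verifyCsrf(array $session, array $post, array $headers = []): bool
{
    $sent     = $post['_token'] ?? $headers['X-CSRF-TOKEN'] ?? '';
    $expected = $session['_token'] ?? '';
    return is_string($sent) && $expected !== '' && hash_equals($expected, $sent);
}

// Legitimate submission: the form rendered for this session carries the token.
echo csrfField($session), PHP_EOL;
var_dump(verifyCsrf($session, ['amount' => '100', '_token' => $session['_token']]));
// bool(true)

// Forged submission from another origin: the attacker cannot read the victim's
// token (same-origin policy), so the field is absent or guessed.
var_dump(verifyCsrf($session, ['amount' => '100']));          // bool(false)
var_dump(verifyCsrf($session, ['amount' => '100', '_token' => 'guess'])); // bool(false)

// Header variant used by AJAX requests.
var_dump(verifyCsrf($session, [], ['X-CSRF-TOKEN' => $session['_token']])); // bool(true)
```

In a Laravel application you do not write any of this: put `{{ csrf_field() }}` inside every `<form method="POST">` and keep the middleware in the `web` group. The demo only shows why a forged cross-site request fails: the attacker's page can cause the browser to send the victim's cookies, but cannot read the token that the victim's own pages embed.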

XSS clean :

The attack is basically a type of code injection attack made possible by incorrectly validating user data, which usually gets inserted into the page through a web form or an altered hyperlink. The code injected can be any malicious client-side code, such as JavaScript, VBScript, HTML, CSS, Flash, and others. The injected code is either stored on the server and served to every visitor (stored XSS) or reflected straight back to the victim (reflected XSS), and in both cases it runs in the user's browser with that user's session.

Unfortunately, cross-site scripting attacks occur mostly because developers fail to deliver secure code. Every PHP programmer has the responsibility to understand how attacks can be carried out against their PHP scripts to exploit possible security vulnerabilities. Reading this article, you'll find out more about cross-site scripting attacks and how to prevent them in your code.

Preventing Cross-Site Scripting Attacks

  •     Data Validation: reject input that does not match what the field expects (type, length, allowed characters) before it is stored or used.

  •     Data Sanitization: remove or neutralise unwanted content from input that must be accepted anyway, for example with strip_tags().

  •     Output Escaping: encode data for the context it is printed into, so the browser treats it as text rather than markup. This is the step that actually stops XSS; the PHP functions below belong here.

  • htmlspecialchars()

    • The htmlspecialchars() function converts the predefined characters &, <, >, " and (with ENT_QUOTES) ' to HTML entities. Always pass ENT_QUOTES and the charset explicitly: before PHP 8.1 the default flags leave single quotes unescaped, which matters inside single-quoted attributes. Laravel's Blade `{{ $value }}` syntax applies this function for you; `{!! $value !!}` does not.

  • htmlentities()

    • The htmlentities() function converts every character that has an HTML entity equivalent, not just the special ones (for example é becomes &eacute;). For XSS prevention it is no stronger than htmlspecialchars(), only noisier.

  • strip_tags()

    • The strip_tags() function strips HTML, XML, and PHP tags from a string. It is a sanitisation step, not an XSS defence: attributes on tags listed in the allow parameter (including onclick and style) are kept, and a payload that contains no tags at all, such as a quote that closes an attribute, passes through unchanged. Escape on output regardless.

    • Note: HTML comments are always stripped. This cannot be changed with the allow parameter.

    • Note: This function is binary-safe.
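Added example, not part of the original post, showing what each of the three functions does and does not protect against. The attacker strings are constructed for the demo; the escapeHtml() helper mirrors what Laravel's e() helper does for `{{ }}`, but is not Laravel's code.

```php
<?php
// Added example: output escaping versus tag stripping on constructed
// attacker input. escapeHtml() is a stand-in for Laravel's e() helper.

declare(strict_types=1);

function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$tagPayload  = '<img src=x onerror="alert(1)">';   // classic tag injection
$attrPayload = '" autofocus onfocus="alert(1)';    // no tags at all

// 1. Output escaping neutralises both in an HTML body or a double-quoted attribute.
echo '<p>' . escapeHtml($tagPayload) . '</p>', PHP_EOL;
// <p>&lt;img src=x onerror=&quot;alert(1)&quot;&gt;</p>
echo '<input value="' . escapeHtml($attrPayload) . '">', PHP_EOL;
// <input value="&quot; autofocus onfocus=&quot;alert(1)">

// 2. htmlentities() also encodes accented characters; same protection, more entities.
echo htmlentities('café <b>', ENT_QUOTES, 'UTF-8'), PHP_EOL;
// caf&eacute; &lt;b&gt;

// 3. strip_tags() is sanitisation, not escaping. A payload with no tags
//    passes through and still breaks out of the attribute ...
echo '<input value="' . strip_tags($attrPayload) . '">', PHP_EOL;
// <input value="" autofocus onfocus="alert(1)">        <-- executes

//    ... and event-handler attributes survive on tags you allow.
echo strip_tags('<a href="#" onclick="alert(1)">click</a>', '<a>'), PHP_EOL;
// <a href="#" onclick="alert(1)">click</a>              <-- executes

// 4. Single-quoted attributes need ENT_QUOTES (the pre-8.1 default omits it).
$sq = "' onfocus='alert(1)";
echo "<input value='" . htmlspecialchars($sq, ENT_QUOTES, 'UTF-8') . "'>", PHP_EOL;
// <input value='&#039; onfocus=&#039;alert(1)'>
```

The takeaway is that strip_tags() may still be useful to clean stored content, but it must never be the only thing between user data and the page; the escaping call belongs at the point of output, chosen for the context (HTML body, attribute, JavaScript, URL) the data lands in.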


trim()

The trim() function removes whitespace and other predefined characters from both ends of a string.

ltrim() - Removes whitespace or other predefined characters from the left side of a string

rtrim() - Removes whitespace or other predefined characters from the right side of a string

