[nycphp-talk] Web app security scanners
Chris Shiflett
shiflett at php.net
Sun Apr 23 20:19:45 EDT 2006
> So in the name of "robustness" isn't it still a good idea to sanitize
> everything?
I think this thread illustrates one of the challenges faced by the
security community - inconsistent vocabulary. I've seen strip, filter,
and sanitize used to describe various types of activity, including escaping.
All input should be filtered, without exception. Inspection is better
than stripping, and escaping is an entirely different topic (of equal or
greater importance).
Chris
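
The distinction drawn in the message above, as an added PHP example that is not part of the original post: inspection accepts or rejects a value, stripping rewrites it, and escaping is a separate output-side step. The function names, the username rule and the sample values are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example; function names and sample inputs are constructed.

// Filtering by inspection: the value is accepted unchanged or rejected (null).
function inspect_username(string $raw): ?string
{
    return preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $raw) === 1 ? $raw : null;
}

// Filtering by stripping: unexpected characters are deleted and the rest kept,
// so the application ends up with a value the user never sent.
function strip_username(string $raw): string
{
    return (string) preg_replace('/[^A-Za-z0-9_]/', '', $raw);
}

// Escaping: applied at output time for one specific context (here HTML),
// even to data that already passed the filter.
function escape_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$samples = ['chris_s', 'ad min', "o'brien", '<b>bob</b>'];

foreach ($samples as $raw) {
    $inspected = inspect_username($raw);
    printf(
        "%-12s inspect: %-10s strip: %s\n",
        $raw,
        $inspected ?? '(rejected)',
        strip_username($raw)
    );
}

// A free-text field may legitimately contain markup characters, so the filter
// lets them through and escaping handles them when the value is sent as HTML.
$comment = "Tom & Jerry's <3";
echo escape_html($comment), "\n";
```

Stripping turns the sample `ad min` into `admin`, a different name from the one submitted, while inspection rejects it outright.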