Security

Using libpcap in C

libpcap allows us to capture or send packets from a live network device or a file. This tutorial and code examples will walk you through using libpcap to find network devices, get information about devices, process packets in real time or offline, send packets, and even listen to wireless traffic.

Preventing Cross-site Scripting (XSS) with CakePHP 2.x

Without proper care, developers can leave their CakePHP website open to cross-site scripting attacks. Controllers using scaffold functions do not take care to sanitize data, and leaves the website vulnerable. When using the bake tool in the console, it generates controllers as simple as the scaffold version. Some suggest storing the unsanitized data and escape the dangerous characters on output. In a perfect world I would agree with this approach, but it is easy to forget to sanitize output every time, or for an amateur developer to be ignorant of the dangers.

Writing Secure Code with CakePHP 2.x Forms

CakePHP is one of my favorite web frameworks. There is one glaring security hole that caught my attention though. Without proper care from the developer, users have the potential to tamper with data sent with forms. For example, a common operation is to take the value from a form and save it like this:

$this->User->save($this->request->data['User']);

Let's say the user manipulates the form and adds this line: