+1

On 6 Mar 2013 10:41, "Ulisses Montenegro" <[email protected]> wrote:
> Not including proper input validation and error handling in code samples
> is one of the most common and harmful practices in the software development
> industry -- doing it is not "optional" or "advanced", it is mandatory
> unless you want to be pwned.
>
> Developers need to start doing things properly from the very beginning, as
> habits become harder and harder to change with experience.
>
>
> On Wed, Mar 6, 2013 at 7:33 AM, Benji <[email protected]> wrote:
>
>> Actually, adding input sanitisation really wouldn't increase the code size
>> that much. Are you just incompetent?
>>
>>
>> On Wed, Mar 6, 2013 at 7:46 AM, Źmicier Januszkiewicz <[email protected]> wrote:
>>
>>> Dear list,
>>>
>>> Well, I suppose this had to be a proof-of-concept piece of code to
>>> demonstrate how port scanning can be done in PHP, not production-grade
>>> software. Adding input sanitization would increase the code size by a lot
>>> and obscure the concept somewhat (not that there is much to be said about
>>> the concept though). Think we can give the dude some discount for that.
>>>
>>> Nevertheless, seeing something like this coming from "Certified Ethical
>>> Hacker and Security + certified" makes me doubt the worth of those
>>> certificates. Could be nice to know the exact naming of those certificates
>>> to properly disregard them in the future.
>>>
>>> With best regards,
>>> Z.
>>>
>>> 2013/3/6 laurent gaffie <[email protected]>
>>>
>>>> http://resources.infosecinstitute.com/php-build-your-own-mini-port-scanner/
>>>>
>>>> Finding the vulnerability in this code is left as an exercise to the
>>>> reader.
>>>>
>>>> PS: "*Your comment will be awaiting moderation forever.*"
>>>>
>>>> _______________________________________________
>>>> Full-Disclosure - We believe in it.
>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>
>
> --
> "If debugging is the process of removing software bugs, then programming
> must be the process of putting them in." - *Edsger Dijkstra*
>
