Comments on: Best Practice: Consider External Data Feeds Untrusted

By: Erzengel

Erzengel — Wed, 06 May 2009 06:16:17 +0000

Looks like they fixed it, I’m getting the NYT article when I click the link. It is a rather ironic article for it to happen on.

By: kingthorin

kingthorin — Tue, 05 May 2009 19:21:30 +0000

It’s a simple programming fact that input (whether from a user, file, or another site) should not be trusted.

nytimes.com is IMHO guilty of a 21st century cardinal sin, they blindly syndicated content without any validation of the input.

By: Andre Gironda

Andre Gironda — Mon, 04 May 2009 23:58:25 +0000

External content coming through the integration or business tiers is a serious issue and one that web application security scanners and web application firewalls are very poor at solving (since they focus only on the content between the client tier and presentation tier, i.e. HTTP or SSL).