Can someone good at English translate this for me? T-T

54. User inputs used for LDAP queries should be sanitized before connection.

55. CR/LF characters sent within user inputs should not be directly appended within HTTP Responses on the application side (CRLF injection attack). User inputs should be properly sanitized.

56. Appropriate solutions against frame busting and clickjacking attacks should be implemented within web applications.

57. Penetration testing of a web application should be performed before the application goes online.

58. CAPTCHA or similar anti-automation security controls should be implemented within HTML forms to prevent DoS, brute-forcing and dictionary attacks.

59. A timeout for search functionalities should be enabled against SQL Wildcard attacks which force databases to perform CPU-intensive queries by using several search wildcards like "%" or "*".

60. Authentication should be activated for accessing web services implemented with SOAP, RESTful, XML-RPC or similar technologies.
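As an added example (not from the poster, nor from whatever checklist the items were copied from), the following Python shows how four of the items above are usually put into practice: escaping user input before it goes into an LDAP search filter (item 54), refusing CR/LF/NUL in values that end up in HTTP response headers (item 55), emitting and auditing anti-framing headers (item 56), and escaping LIKE wildcards plus bounding the time a search may run (item 59). It uses only the standard library; the table name, the rows and every function name are constructed for this illustration.

```python
"""Added example (not part of the original post): standard-library-only helpers
for checklist items 54 (LDAP filter escaping), 55 (CRLF in HTTP headers),
56 (anti-clickjacking headers) and 59 (SQL wildcard abuse).
The demo table and its rows are constructed for this illustration."""
import re
import sqlite3
import time

# --- 54: escape user input before placing it in an LDAP search filter (RFC 4515) ---
_LDAP_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_ldap_filter_value(value: str) -> str:
    """Encode the filter metacharacters so the value cannot change the filter's structure."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(username: str) -> str:
    """Filter that matches exactly the given uid, whatever characters it contains."""
    return f"(&(objectClass=person)(uid={escape_ldap_filter_value(username)}))"


# --- 55: never let CR, LF or NUL from user input reach a response header ---
_HEADER_CTL_RE = re.compile(r"[\r\n\x00]")


def is_safe_header_value(value: str) -> bool:
    """False if the value could terminate the header line and start new headers."""
    return _HEADER_CTL_RE.search(value) is None


def redirect_headers(target: str) -> dict:
    """Build a Location header; reject rather than 'clean' values with control characters."""
    if not is_safe_header_value(target):
        raise ValueError("control character in redirect target")
    return {"Location": target}


# --- 56: anti-framing headers, and a check that a response actually carries them ---
def anti_framing_headers(allow_same_origin: bool = False) -> dict:
    """Both the legacy X-Frame-Options header and the CSP frame-ancestors directive."""
    if allow_same_origin:
        return {"X-Frame-Options": "SAMEORIGIN",
                "Content-Security-Policy": "frame-ancestors 'self'"}
    return {"X-Frame-Options": "DENY",
            "Content-Security-Policy": "frame-ancestors 'none'"}


def is_frame_protected(headers: dict) -> bool:
    """True if framing is restricted: CSP frame-ancestors without '*', else XFO DENY/SAMEORIGIN."""
    lower = {k.lower(): v for k, v in headers.items()}
    for directive in lower.get("content-security-policy", "").split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return len(tokens) > 1 and "*" not in tokens[1:]
    return lower.get("x-frame-options", "").strip().upper() in ("DENY", "SAMEORIGIN")


# --- 59: escape LIKE wildcards and bound the time a search may consume ---
def escape_like(term: str) -> str:
    """Make '%' and '_' in user input match literally (query must declare ESCAPE '\\')."""
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def make_demo_db() -> sqlite3.Connection:
    """In-memory table with constructed rows, including names that contain wildcards."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)",
                     [("alice",), ("bob",), ("50% off",), ("a_b",)])
    return conn


def search_users(conn: sqlite3.Connection, term: str, timeout_s: float = 1.0) -> list:
    """Substring search with escaped wildcards, aborted if it runs past timeout_s."""
    deadline = time.monotonic() + timeout_s

    def abort_if_late():  # sqlite aborts the running statement when this returns non-zero
        return 1 if time.monotonic() > deadline else 0

    conn.set_progress_handler(abort_if_late, 1000)
    try:
        pattern = "%" + escape_like(term) + "%"
        rows = conn.execute("SELECT name FROM users WHERE name LIKE ? ESCAPE '\\' ORDER BY name",
                            (pattern,)).fetchall()
        return [r[0] for r in rows]
    except sqlite3.OperationalError:  # raised when the progress handler aborts the query
        return []
    finally:
        conn.set_progress_handler(None, 0)


if __name__ == "__main__":
    print(build_user_filter("o'neil(*)"))
    print(anti_framing_headers())
    print(search_users(make_demo_db(), "50%"))
```

The LDAP escaping is a single pass over the string, so a backslash in the input is encoded once and cannot be re-interpreted. For headers the helper rejects instead of stripping, because a silently altered redirect target is hard to notice in testing while a raised error is not. The search timeout uses sqlite's progress handler, which is the portable in-process equivalent of a server-side statement timeout; a real deployment would set the equivalent limit on the database server as well.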