3. par·a·noi·a n. paranoia [pӕrəˈnoiə]: a type of mental illness in which a person has fixed and unreasonable ideas that he/she is very important, or that other people are being unfair or unfriendly to him/her
4. In Yahoo!, they are just people who care a lot about web security
18. XSS: filter all input that you are going to save. Be aware of the data you are saving: a URL field should accept only URLs, a number field should accept only numbers. Never open up your site based purely on trust.
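Added example (not code from the original slides): server-side validation of each field against the type it is supposed to hold, plus escaping when the stored value is rendered. The field names (homepage, age, message), the length limit and the three sample submissions are constructed for illustration.

```php
<?php
// Added example, not from the original slides. Validate each field against the
// type it is declared to hold before saving; escape at render time, not at save time.
// Field names and the sample input below are constructed for illustration.

/**
 * Returns a cleaned array of fields that passed validation, or throws on the
 * first field that does not match its declared type.
 */
function validate_post(array $input): array
{
    $clean = [];

    // A "homepage" field may only hold an absolute http(s) URL. FILTER_VALIDATE_URL
    // does not restrict the scheme, so the scheme is checked explicitly: this is
    // what rejects javascript: URLs.
    $url = filter_var($input['homepage'] ?? '', FILTER_VALIDATE_URL);
    if ($url === false
        || !in_array(parse_url($url, PHP_URL_SCHEME), ['http', 'https'], true)) {
        throw new InvalidArgumentException('homepage must be an http(s) URL');
    }
    $clean['homepage'] = $url;

    // An "age" field may only hold an integer in a sane range; "30x" is rejected.
    $age = filter_var($input['age'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    if ($age === false) {
        throw new InvalidArgumentException('age must be an integer between 0 and 150');
    }
    $clean['age'] = $age;

    // Free text is stored as-is (length-limited) and escaped when rendered.
    $message = (string)($input['message'] ?? '');
    if (strlen($message) > 1000) {
        throw new InvalidArgumentException('message too long');
    }
    $clean['message'] = $message;

    return $clean;
}

/** Escape a stored value for insertion into an HTML text node or attribute. */
function html_escape(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample submissions: a javascript: URL, a non-numeric age, and a
// message carrying a script tag.
$attempts = [
    ['homepage' => 'javascript:alert(document.cookie)', 'age' => '30',  'message' => 'hi'],
    ['homepage' => 'https://example.com/',              'age' => '30x', 'message' => 'hi'],
    ['homepage' => 'https://example.com/',              'age' => '30',  'message' => '<script>alert(1)</script>'],
];

foreach ($attempts as $i => $post) {
    try {
        $clean = validate_post($post);
        // The third attempt is accepted, but the script tag is rendered as text.
        echo "attempt $i ok: <a href=\"" . html_escape($clean['homepage']) . "\">"
           . html_escape($clean['message']) . "</a>\n";
    } catch (InvalidArgumentException $e) {
        echo "attempt $i rejected: " . $e->getMessage() . "\n";
    }
}
```

The split matters: typed fields (URL, number) are rejected at save time because there is no legitimate value of another type, while free text has to be stored as typed and made safe at the point where it is inserted into HTML, so the same stored value can later be escaped differently for a JavaScript string or a URL parameter.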
25. <iframe name="pharma" style="display:none;"></iframe>
<form id="pform" action="http://www.mybiz.com/post_message" method="POST" target="pharma">
<input type="hidden" name="message" value="Cheap medicine at ...">
</form>
<script>document.getElementById('pform').submit();</script>
26. Issue a unique token / crumb that only your server would know for that session. Check if the posted data has that token.
27. For normal posts, use a time-bound token:

<?php
// $secret is a server-side secret and $user identifies the logged-in user; both must
// be passed in, since a PHP function does not see globals without a "global" declaration.
function get_nonce($secret, $user) {
    // ceil(time()/86400) changes once a day, so the token is valid for the current day
    return md5($secret . ":" . $user . ":" . ceil(time()/86400));
}
?>

For more sensitive posts, use a token that is stored in the user session.
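Added example (not code from the original slides) covering slides 26 and 27 together: both token styles with the verification side that the slides leave out, a time-bound token for ordinary posts and a random session-stored token for sensitive ones. The secret value, the user id, the `crumb` field name, the form markup and the two sample submissions are constructed for illustration; the time-bound token uses an HMAC in place of the slide's md5 of the concatenation.

```php
<?php
// Added example, not from the original slides. $secret, the user id and the
// form are constructed for illustration; in a real app $secret comes from server
// configuration and $user from the authenticated session.
session_start();

const TOKEN_FIELD = 'crumb';
$secret = 'replace-with-a-long-random-server-secret';

// 1. Time-bound token for ordinary posts: same idea as the slide's get_nonce(),
//    but keyed with an HMAC rather than md5 over a concatenation.
function get_nonce(string $secret, string $user, ?int $now = null): string
{
    $now = $now ?? time();
    $day = (int)ceil($now / 86400);            // changes once per day
    return hash_hmac('sha256', $user . ':' . $day, $secret);
}

// Accept the current day's token and the previous day's, so a form loaded just
// before midnight still submits. hash_equals() avoids a timing side channel.
function check_nonce(string $secret, string $user, string $given): bool
{
    $now = time();
    foreach ([$now, $now - 86400] as $t) {
        if (hash_equals(get_nonce($secret, $user, $t), $given)) {
            return true;
        }
    }
    return false;
}

// 2. Random token stored in the user session, for sensitive posts.
function get_session_token(): string
{
    if (empty($_SESSION[TOKEN_FIELD])) {
        $_SESSION[TOKEN_FIELD] = bin2hex(random_bytes(32));
    }
    return $_SESSION[TOKEN_FIELD];
}

function check_session_token(string $given): bool
{
    return isset($_SESSION[TOKEN_FIELD])
        && hash_equals($_SESSION[TOKEN_FIELD], $given);
}

// Rendering the form: embed the token as a hidden field.
function render_form(string $token): string
{
    $t = htmlspecialchars($token, ENT_QUOTES, 'UTF-8');
    return '<form action="/post_message" method="POST">'
         . '<input type="hidden" name="' . TOKEN_FIELD . '" value="' . $t . '">'
         . '<input type="text" name="message"><input type="submit"></form>';
}

// Handling the post: reject unless the submitted token matches the session's.
function handle_post(array $post): string
{
    if (!check_session_token($post[TOKEN_FIELD] ?? '')) {
        http_response_code(403);
        return 'rejected: missing or wrong token';
    }
    return 'accepted: ' . htmlspecialchars($post['message'] ?? '', ENT_QUOTES, 'UTF-8');
}

// Constructed demo. A forged request like the hidden-iframe form on slide 25
// carries no token, because the attacker's page cannot read mybiz.com's responses.
$forged = ['message' => 'Cheap medicine at ...'];
echo handle_post($forged), "\n";                                    // rejected

$legit = [TOKEN_FIELD => get_session_token(), 'message' => 'hello'];
echo handle_post($legit), "\n";                                     // accepted

// The time-bound variant, for a normal post by user "alice".
$nonce = get_nonce($secret, 'alice');
echo check_nonce($secret, 'alice', $nonce) ? "nonce ok\n" : "nonce bad\n";
echo check_nonce($secret, 'bob', $nonce) ? "nonce ok\n" : "nonce bad\n";  // bad: wrong user
```

Two caveats a practitioner would want. The day-granular nonce stays valid for up to 24 hours and is the same for every form the user loads that day, which is why the slides reserve it for low-value posts; the session token is per session and unguessable. In both cases compare with `hash_equals()` rather than `==`, and never accept the token from a cookie, since the browser would attach that to the forged request as well.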
Spamming remains economically viable because advertisers have no operating costs beyond the management of their mailing lists, and it is difficult to hold senders accountable for their mass mailings. Because the barrier to entry is so low, spammers are numerous, and the volume of unsolicited mail has become very high. In 2011 the estimated number of spam messages was around seven trillion. The costs, such as lost productivity and fraud, are borne by the public and by Internet service providers, which have been forced to add extra capacity to cope with the deluge.
Not everyone is technical. We as developers understand many concepts of security and try to be cautious, but normal users do not understand many of these concepts. Keeping the web safe for such users is very important.