Thursday, April 23, 2009

OWASP Podcast #17 - Interview with RSnake

OWASP Podcast #17, an interview with Robert Hansen, is now live! Robert achieved fame and glory in the early wild west days of web application security working for eBay. He's also the brain behind the Google-approved security blog, http://ha.ckers.org.


"courtesy" of ha.ckers.org

Thursday, April 9, 2009

OWASP Podcast #16 - Interview with Dave Aitel

The first rule of Fight Club is: you do not talk about Fight Club.

OWASP Podcast #16, an interview with Dave Aitel, covers a wide variety of topics. Dave started working as a security researcher for the NSA at the age of 18 and has no shortage of experience to pull from in this interview.

To listen to OWASP Podcast #16, you can download the mp3 file directly, subscribe to the RSS feed or subscribe directly through iTunes!




Tuesday, April 7, 2009

Form input names with reserved words and jQuery

When an HTML form contains an input field named "action" or "submit", submitting the form via JavaScript becomes problematic.

Normally, jQuery users would simply call $("#formid").submit() after referencing a form. However, if your form contains an input field named "submit" (like <input name="submit">) then $("#formid").submit() does not submit the form. Form controls are exposed as named properties of the form element, so the form's submit property now refers to that input instead of the native submit method.

This is my workaround - essentially programmatically clicking the submit button, instead of programmatically submitting the form.

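<html>
<head>
<script src="jquery-1.3.2.js"></script>

<script>
$(document).ready(function() {
    // Show the form's action attribute even though an input is named "action".
    alert('action=' + $("#formid").attr("action"));
    alert('try to submit');
    // Click the submit button instead of calling $("#formid").submit(),
    // which fails because an input is named "submit".
    $("#sneaky").click();
});
</script>

</head>
<body>
<form action="http://www.testdomain.net/actionworksok" id="formid">
    <input type="submit" name="testname" id="sneaky">
    <input name="action" value="test1">
    <input name="submit" value="test2">
</form>
</body>
</html>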
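
An added example, not code from the original post: a small lint-style check that scans form markup for controls whose name or id shadows a form property or method, which is the collision described above. The function names, the RESERVED subset and the regex-based parsing are assumptions made for illustration; the sample markup is constructed from the post's form.

```javascript
// Added example: flags form controls whose name/id shadows a form member.
// RESERVED is a chosen subset of HTMLFormElement members, not a complete list.
const RESERVED = new Set([
  "submit", "reset", "action", "method", "target", "elements", "length",
  "name", "enctype", "encoding", "acceptCharset", "noValidate",
  "checkValidity", "reportValidity", "requestSubmit",
]);

// Read one attribute from a tag's source text; handles "x", 'x' and bare x.
// Simplification: a regex, not an HTML parser, so odd quoting can mislead it.
function attr(tag, attrName) {
  const re = new RegExp(
    "\\s" + attrName + "\\s*=\\s*(?:\"([^\"]*)\"|'([^']*)'|([^\\s\"'>]+))", "i");
  const m = re.exec(tag);
  if (!m) return null;
  return m[1] ?? m[2] ?? m[3];
}

// Return one finding per control attribute that collides with a form member.
// Matching is case-sensitive because DOM property names are case-sensitive.
function findShadowingControls(html) {
  const findings = [];
  const formRe = /<form\b[^>]*>([\s\S]*?)<\/form>/gi;
  const controlRe = /<(input|button|select|textarea)\b[^>]*>/gi;
  for (const form of html.matchAll(formRe)) {
    for (const ctl of form[1].matchAll(controlRe)) {
      for (const key of ["name", "id"]) {
        const value = attr(ctl[0], key);
        if (value !== null && RESERVED.has(value)) {
          findings.push({ tag: ctl[1].toLowerCase(), attribute: key, shadows: value });
        }
      }
    }
  }
  return findings;
}

// Constructed sample: markup modelled on the form in the post.
const SAMPLE = `
<form action="http://www.testdomain.net/actionworksok" id="formid">
<input type=submit name=testname id=sneaky>
<input name=action value=test1>
<input name=submit value=test2>
</form>`;

console.log(findShadowingControls(SAMPLE));
```

Where the markup cannot be renamed, calling HTMLFormElement.prototype.submit.call(form) in the browser invokes the native method even when a control named "submit" shadows it.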

Monday, April 6, 2009