■ Input validation — The application should perform context-dependent validation of the data being inserted, in as strict a manner as possible. For example, if a cookie value is being set based on user input, it may be appropriate to restrict this to alphabetical characters only, and a maximum length of six bytes.
■ Output validation — Every piece of data being inserted into headers should be filtered to detect potentially malicious characters. In practice, any character with an ASCII code below 0x20 should be regarded as suspicious, and the request should be rejected.
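The two controls above, as an added example that is not the book's own code: a cookie value taken from user input is restricted to letters and six bytes (input validation), and every value about to be written into a header is rejected if it contains any character below 0x20 (output validation). The header name `lang`, the function names and the constructed sample values are assumptions.

```python
"""Validating data before it is inserted into an HTTP response header.

Added example; names and sample values are assumed, not from the book.
"""
import re
from typing import Optional
from urllib.parse import unquote

# Context-dependent rule for this one cookie: letters only, at most six
# characters. Because only ASCII letters are allowed, six characters is
# also six bytes, matching the limit the text describes.
_COOKIE_VALUE = re.compile(r"[A-Za-z]{1,6}")


class HeaderInjectionError(ValueError):
    """Raised when data destined for a header fails validation."""


def is_valid_cookie_value(value: str) -> bool:
    """Input validation for a cookie value derived from user input."""
    return _COOKIE_VALUE.fullmatch(value) is not None


def is_safe_header_data(value: str) -> bool:
    """Output validation: no character with an ASCII code below 0x20.

    This covers CR (0x0D) and LF (0x0A), the characters that end a header
    line, as well as every other control character.
    """
    return all(ord(ch) >= 0x20 for ch in value)


def build_set_cookie(name: str, value: str) -> str:
    """Build one Set-Cookie line, rejecting the request on any failure."""
    if not is_valid_cookie_value(value):
        raise HeaderInjectionError("cookie value must be 1-6 letters")
    if not (is_safe_header_data(name) and is_safe_header_data(value)):
        raise HeaderInjectionError("control character in header data")
    return f"Set-Cookie: {name}={value}"


def cookie_header_from_request(raw_param: str) -> Optional[str]:
    """Return the header line for a raw query parameter, or None if rejected.

    The application URL-decodes the parameter before using it, so the checks
    run on the decoded form: "%0d%0a" in the raw request is CR LF by then.
    """
    try:
        return build_set_cookie("lang", unquote(raw_param))
    except HeaderInjectionError:
        return None
```

A rejected request should be logged with the offending parameter name, since repeated control characters in the same field are a useful detection signal.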
Applications can prevent any remaining header injection vulnerabilities from being used to poison proxy server caches by using HTTPS for all application content.
Frame Injection
Frame injection is a relatively simple vulnerability that arises from the fact that in many browsers, if a web site creates a named frame, then any window opened by the same browser process is permitted to write the contents of that frame, even if its own content was issued by a different web site.