• color
• date
• datetime
• datetime-local
• month
• week
• time
• email
• number
• range
• search
• tel
• url

The implementation of this new feature couldn’t be easier, simply specify the “type” attribute of your input field and let the browser handle the rest. For example, by specifying an input type of “email”, Chrome will validate the input to ensure it is a validly formed email address. In Safari on iOS devices, the virtual keyboard will automatically change to be more email address friendly (by adding the @ sign and .com buttons).

All of this functionality comes with no additional scripting by the developer. For convenience, this is exciting news. User input can now be validated client side to ensure users are actually putting an email in that field and not a phone number. For security though, there is absolutely no added benefit. Much as attackers have been substituting values for years, so they will continue. The new input types do not prevent an attacker from submitting values of their choosing via an intercepting proxy.

The old adage still holds true, “If the user can access it, they can abuse it.” Use these new input types for helping good users submit accurate data on the first attempt, but continue server side data validation and sanitization to prevent attackers from owning your application.

My goals in the next 14 days:

1. Two a day workouts – Cardio in the AM, weights in the PM
2. Read, learn, experiment with WebAppSec
3. Enjoy my new baby and wife

An old man, going a lone highway,
Came, at the evening, cold and gray,
To a chasm, vast, and deep, and wide,
Through which was flowing a sullen tide. 

The old man crossed in the twilight dim;
The sullen stream had no fear for him;
But he turned, when safe on the other side,
And built a bridge to span the tide. 

“Old man,” said a fellow pilgrim, near,
“You are wasting strength with building here;
Your journey will end with the ending day;
You never again will pass this way;
You’ve crossed the chasm, deep and wide-
Why build you this bridge at the evening tide?” 

The builder lifted his old gray head:
“Good friend, in the path I have come,” he said,
“There followeth after me today,
A youth, whose feet must pass this way. 

This chasm, that has been naught to me,
To that fair-haired youth may a pitfall be.
He, too, must cross in the twilight dim;
Good friend, I am building this bridge for him.” 

By Will Allen Dromgoole

Posted via email from brooksgarrett’s posterous

Posted via email from brooksgarrett’s posterous

Posted via email from brooksgarrett’s posterous

Posted via email from brooksgarrett’s posterous

wc -l filename.csv gives the number of lines in a file.

split -l 65000 -d supertimeline.csv supertimeline will generate
multiple files named supertimeline.00 (01, 02, etc) with 65000 lines
each. -l is the line count and -d tells split to use digits for the
prefix instead of letters (00 instead of AA). The second supertimeline
parameter tells split to use supertimeline as the prefex. Omitting the
prefix (supertimeline) and -d will result in files named xaa, xab,
xac, xad, etc.

Posted via email from brooksgarrett’s posterous

Posted via email from brooksgarrett’s posterous