Improving Web Application Security: Threats and Countermeasures

O

obfuscation, 173

object constructor strings

code review, 638

storing secrets in, 306

objects

handing out references, 623

passing as parameters, 639

SQL Server default permissions of, 531

objectUri, 359360

OdbcPermission, 142, 396

OLE DB, 240241

OleDbPermission, 143, 193, 239, 240

Olson, Erik, foreword, xlivxlv

one-click attacks, 292

one-way hashes, 283

open hack challenge, xlviii

operating system/platform security layer, 223

optional permissions, 624

OraclePermission, 143, 193

organization of this guide, liiilvi

original caller identity, 124

original user identity, 109

out-of-process state service, 568

output

encoding, 612

encoding for cross-site scripting, 273

outputting input, 609

over-privileged application and service accounts, 34