It’s good to be reminded that the internet is, in fact, a pretty hostile place.
At any point in time, it’s safe to assume that someone is trying to gain access to your application in ways you did not intend. Their goal might be to test your security, to steal your database content or just for the fun of watching your app burn.
For Oh Dear, the uptime monitoring we’re building, we are using an error and exception tracker called Flare.
This morning, I saw this e-mail come in.
That’s cute: someone is trying to determine whether we escape output correctly by submitting malicious input. If this had worked, it could have allowed JavaScript execution on pages where we did not intend it (like perhaps our status pages).
While it isn’t the goal of Flare to provide security alerts, it’s a nice side effect of monitoring for exceptions and errors.
So my question to any reader here: if someone did this in your application, would you know and be notified?
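One way to get that notification, added here as an illustration and not taken from Flare or Oh Dear: scan the request fields attached to tracked exceptions for values that look like output-escaping probes, and escape them before they reach an alert. The event layout, field names and sample events are assumptions constructed for this example.

```python
import html
import re
from urllib.parse import unquote_plus

# Shapes typical of output-escaping probes: a tag opening, an inline
# event-handler attribute, or a javascript: URL.
PROBE_PATTERNS = [
    ("html_tag", re.compile(r"</?[a-z]", re.I)),
    ("event_handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
    ("js_url", re.compile(r"javascript\s*:", re.I)),
]


def normalize(value):
    """Undo up to two layers of URL encoding and HTML entities before matching."""
    for _ in range(2):
        value = html.unescape(unquote_plus(value))
    return value


def find_markup_probes(event):
    """Return one finding per request field that looks like an escaping probe."""
    findings = []
    for field, raw in event.get("request", {}).items():
        decoded = normalize(str(raw))
        hits = [name for name, rx in PROBE_PATTERNS if rx.search(decoded)]
        if hits:
            findings.append({
                "event_id": event.get("id"),
                "field": field,
                "matched": hits,
                # Escape before the value reaches any alert e-mail or dashboard.
                "safe_value": html.escape(decoded, quote=True),
            })
    return findings


# Constructed sample events (hypothetical layout, not real tracker output).
SAMPLE_EVENTS = [
    {"id": "evt-1", "request": {"name": "Acme status", "page": "2"}},
    {"id": "evt-2", "request": {"name": "%3Cscript%3Ealert(1)%3C%2Fscript%3E"}},
    {"id": "evt-3", "request": {"q": "x\" onmouseover=alert(1) y=\""}},
    {"id": "evt-4", "request": {"note": "uptime < 99% since Monday"}},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        for f in find_markup_probes(ev):
            print("ALERT", f["event_id"], f["field"], f["matched"], f["safe_value"])
```

The benign value in `evt-4` contains a bare `<` and is not flagged, which keeps ordinary user text from drowning out the real probes.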