Securing a website

Cleffy Member Rare Posts: 6,414

I just got attacked by a website code injection.  I am wondering what the best method is to protect against this?

Comments

  • jdkskip Member Uncommon Posts: 120

    Well, if it's a web site you visited about the only thing you can do is to make sure that your firewall and anti-virus programs are up to date.

    If it's a web site you own, your code should run in a "jail" or similar sandbox atmospheres that impose firm limitations between the process and the operating system. This may efficiently put a ceiling on code executed by your software. (Ex) Unix chroot jail and AppArmor. So the whole, managed code must be in some protected area.

    Use a good input validation strategy. Decline any input that does not strictly conform to specifications, or transform it into something that does. Use a blacklist to reject any unexpected inputs and detect potential attacks. (Ex) %, <, $, @, and even ( ) can be used by an attacker to gain access to your program/code.

    To diminish the chances of code injection, use strict whitelists that set boundaries on which constructs are allowed. If you are dynamically constructing code that invokes a function, then verifying that the input is alphanumeric might be insufficient. An attacker can reference a dangerous function that you did not intend to allow, such as system(), exec(), or exit().
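
Added example, not part of jdkskip's post: a Python sketch of the point above that an alphanumeric check is not enough when input names the function to call, next to a strict allowlist lookup. The handler names `daily` and `weekly` and the sample inputs are constructed for illustration; `eval` is included beside `exec` as a second builtin that passes the format check.

```python
import builtins
import re

# Hypothetical handlers the site intends to expose.
def daily(user):
    return f"daily report for {user}"

def weekly(user):
    return f"weekly report for {user}"

ALNUM = re.compile(r"[A-Za-z0-9]+")

def resolve_weak(name):
    """Format check only: any alphanumeric name visible to the module resolves."""
    if not ALNUM.fullmatch(name):
        raise ValueError("rejected: not alphanumeric")
    namespace = {**vars(builtins), **globals()}
    return namespace[name]  # "exec" passes the check and resolves to the builtin

# Strict allowlist: the only constructs a request may name.
ALLOWED_ACTIONS = {"daily": daily, "weekly": weekly}

def resolve_strict(name):
    """Allowlist lookup: input selects a handler, it never becomes code."""
    if not isinstance(name, str) or name not in ALLOWED_ACTIONS:
        raise ValueError(f"rejected: {name!r} is not an allowed action")
    return ALLOWED_ACTIONS[name]

def audit(names):
    """Return {name: (weak_accepts, strict_accepts)} without calling anything."""
    results = {}
    for name in names:
        outcome = []
        for resolver in (resolve_weak, resolve_strict):
            try:
                resolver(name)
                outcome.append(True)
            except (ValueError, KeyError):
                outcome.append(False)
        results[name] = tuple(outcome)
    return results

# Constructed sample inputs, not taken from a real request log.
SAMPLE = ["daily", "exec", "eval", "weekly;ls"]

if __name__ == "__main__":
    for name, (weak, strict) in audit(SAMPLE).items():
        print(f"{name!r:12} weak={weak} strict={strict}")
```
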

  • Grunty Member Epic Posts: 8,657

    Look into programs similar to Sandboxie. It won't prevent the execution of any malicious programming but it helps prevent infecting your system. Sandboxie is similar to a virtual machine.

    "I used to think the worst thing in life was to be all alone.  It's not.  The worst thing in life is to end up with people who make you feel all alone."  Robin Williams