CGISecurity Logo

Topics

Tags

  • Top 10 Web 2.0 Attack Vectors

    Posted by Robert A on

    in
    | |

    "On the “server-side”, XML based Web services are replacing some of the key functionalities and providing distributed application access through Web services interfaces. These remote capabilities to invoke methods over GET, POST or SOAP from the Web browser itself provide new openings to applications. On other side, RIA frameworks running on XML, XUL, Flash, Applets…

  • Ajax Security Basics Article

    Posted by Robert A on

    in
    , ,
    | |

    "Ajax is considered the next step in a progression towards the trumpeted, "Web 2.0." The purpose of this article is to introduce some of the security implications with modern Ajax web technologies. Though Ajax applications can be more difficult to test, security professionals already have most of relevant approaches and tools needed. The authors will…

  • Ajax Storage: A Look at Flash Cookies and Internet Explorer Persistance

    Posted by Robert A on

    in
    ,
    | |

    An Anonymous Employee Writes " Foundstone has an interesting write up on their site about Flash shared objects and other AJAX caching developments from a security angle. The Dojo JavaScript Framework already includes code to make use of this. These "cookies " can save larger amounts of data, can be accessed across domains, across web…

  • ALERT: Cross HTTP Response Splitting Session Fixation Smuggling Scripting Vulnerability Discovered

    Posted by Robert A on

    in
    , , ,
    | |

    CERT has issued a warning against a new web based threat entitled a "Cross HTTP Response Splitting Session Fixation Smuggling Scripting Vulnerability". According to the founder of DSHIELD Johannes Ullrich "If on April 1st you have specific non default settings in Internet Explorer, visit a serious of 4 specific websites in order through a specific…

  • Application Security Predictions For The Year 2006

    Posted by Robert A on

    in
    , , ,
    | |

    In 2005 published application security vulnerabilities have exploded. If you're subscribed to mailing lists such as bugtraq you know just how often Cross Site Scripting, SQL Injection, or Remote Command Execution vulnerabilities are discovered and exploited. I've prepared a prediction outline for the year 2006 exclusively covering the threats that the web brings. Worms and…

Favorite Links

Twitter

Twitter

Popular Pages

WASC Threat Classification

Copyright 2000-2026 CGISecurity.com – The oldest application security site online, predating OWASP.