  • Top 10 Web 2.0 Attack Vectors

    "On the “server-side”, XML based Web services are replacing some of the key functionalities and providing distributed application access through Web services interfaces. These remote capabilities to invoke methods over GET, POST or SOAP from the Web browser itself provide new openings to applications. On the other side, RIA frameworks running on XML, XUL, Flash, Applets…

  • Ajax Security Basics Article

    "Ajax is considered the next step in a progression towards the trumpeted "Web 2.0." The purpose of this article is to introduce some of the security implications of modern Ajax web technologies. Though Ajax applications can be more difficult to test, security professionals already have most of the relevant approaches and tools needed. The authors will…

  • Ajax Storage: A Look at Flash Cookies and Internet Explorer Persistence

    An Anonymous Employee Writes "Foundstone has an interesting write up on their site about Flash shared objects and other AJAX caching developments from a security angle. The Dojo JavaScript Framework already includes code to make use of this. These "cookies" can save larger amounts of data, can be accessed across domains, across web…

  • ALERT: Cross HTTP Response Splitting Session Fixation Smuggling Scripting Vulnerability Discovered

    CERT has issued a warning against a new web based threat entitled a "Cross HTTP Response Splitting Session Fixation Smuggling Scripting Vulnerability". According to the founder of DSHIELD Johannes Ullrich "If on April 1st you have specific non default settings in Internet Explorer, visit a series of 4 specific websites in order through a specific…

  • Application Security Predictions For The Year 2006

    In 2005 published application security vulnerabilities have exploded. If you're subscribed to mailing lists such as bugtraq you know just how often Cross Site Scripting, SQL Injection, or Remote Command Execution vulnerabilities are discovered and exploited. I've prepared a prediction outline for the year 2006 exclusively covering the threats that the web brings. Worms and…