Web forms are still the gateway to security hell

Courtesy DaniWeb IT Discussion Community (Featured Entries)  Sat, 06/21/2008 - 06:40

Sandro Gauci, founder of EnableSecurity, has revealed that six years on from his 2002 report into extended HTML form attacks the problem has simply refused to go away.

The original report included details of how attackers could abuse non-HTTP protocols in order to launch Cross Site Scripting attacks, even in a situation where the target web application was not itself vulnerable to XSS.

This applied to most web browsers at the time. Now, he says, not much has changed. "Six...

Tags:

 

Related items

DNS Security Flaw In the Wrong Hands?
Halvar Flake is a researcher. Here's how he describes himself on his blog: "I like simple things. And complex things. And drinking beer with people...


 

Post new comment

The content of this field is kept private and will not be shown publicly.
CAPTCHA
We apologize for the inconvenience. Please help fight spam.
Popular by tags

Week

  • -- no stats yet --

Month
business.marc8.com