Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Interesting article on how development and web centric architecture

from [Saqib . N . Ali] Network Security [Permanent Link]
Subject: Re: Interesting article on how development and web centric architecture change peoples views of security
Date: Thu, 19 Aug 2004 22:11:42 -0700 
vulnerable you are to CSRF (Cross Site Request Forgery) attacks. On the 
other hand an application that uses Basic HTTP Authentication (old 

school) 

is likely to be a target of CSRF attack.


Sorry I meant:

On the other hand an application that uses Basic HTTP Authentication (old 
school) is LESS likely to be a target of CSRF attack.

Thanks.
Saqib Ali
http://validate.sf.net

Saqib.N.Ali@seagate.com wrote on 08/18/2004 10:57:28 AM:


Good article.

I agree that CRYPTO by itself  is not the holy grail. The whole IT 
architecture should be security aware.

There always has to be a balance between adopting new technology and 
maintaining security. 

For e.g. CDSSO (Cross Domain Single Sign One) may make life easier for 

the 

users, but the more applications, you have, that use CDSSO, the more 
vulnerable you are to CSRF (Cross Site Request Forgery) attacks. On the 
other hand an application that uses Basic HTTP Authentication (old 

school) 

is likely to be a target of CSRF attack.


In Peace,
Saqib Ali
http://validate.sf.net  <<< DocBook XML -> HTML/PDF Convertor


"Mark Curphey" <mark.curphey@foundstone.com> wrote on 08/17/2004 

06:54:46 

AM:






http://www.infosecurity-magazine.com/features/julyaug04/paulus_julyaug.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Recent App Test, Bill Pennington
Next by Date:  Re: mutual SSL proxy, Rush Molekilla
Previous by Thread:  Re: Interesting article on how development and web centric architecture change peoples views of security, Saqib . N . Ali
Next by Thread:  Recent App Test, ramatkal
Indexes:  [Date] [Thread] [Top] [All Lists]