Network Security: Detailed info on Re: Security Issues with Workflow apps

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Web-App-Sec

[Top] [All Lists]

Re: Security Issues with Workflow apps

from [Anthony Chan] Network Security

[Permanent Link]

Subject:	Re: Security Issues with Workflow apps
Date:	Mon, 12 Sep 2005 1:40:17 +0800

hi

you may want to use non-repudiation in the workflow system, like signing of 
digital cert.

From: Saqib Ali <docbook.xml@gmail.com>
Date: Fri 09/09/2005 7:28 AM GMT+08:00
To: "webappsec@securityfocus.com" <webappsec@securityfocus.com>, 
      security basics <security-basics@securityfocus.com>
Subject: Security Issues with Workflow apps

Hello All,

I am looking for some good articles that talk about Security Issue
relating to Workflow Application that use email as medium to
approve/reject actions.

For e.g. an attacker might intercept an workflow email, and use the
content to approve/reject a pending item, by spoofing an email to the
workflow auto-responder.

-- 
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
Consensus is good, but informed dictatorship is better.

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Security Issues with Workflow apps, Saqib Ali Re: Security Issues with Workflow apps, Anthony Chan Re: Security Issues with Workflow apps, Saqib Ali Re: Security Issues with Workflow apps, Anthony Chan <=

Previous by Date:	RE: security of _notes dirs, Griffiths, Ian
Next by Date:	RE: security of _notes dirs, michael acadia
Previous by Thread:	Re: Security Issues with Workflow apps, Saqib Ali
Next by Thread:	Obfuscating IIS 6.0, Bénoni MARTIN
Indexes:	[Date] [Thread] [Top] [All Lists]