Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: GET and POST Methods Accepted

from [John GALLET] Network Security [Permanent Link]
Subject: Re: GET and POST Methods Accepted
Date: Thu, 13 Oct 2005 14:40:18 +0200 (CEST) 
Hi there,


Do any of you test for this issue - what are your results?


It is so easy (check curl lib for example if you want to send post data in
automated scripts) to provide your application with the data the way you
want it, be it GET, POST, COOKIE, that it's not even worth bothering
checking how it came in.

Test the contents of your data, not the way the vars were transmitted.
 
Same goes for anything provided by the client such as referrer for 
example.

HTH
JG

PS : French speakers might be interested in 
www.saphirtech.com/securite.html about what's totally useless in terms of 
security considering how easy to spoof.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  myspace hack, Akash
Next by Date:  Re: myspace hack, Stephen de Vries
Previous by Thread:  Re: GET and POST Methods Accepted, Amit Klein (AKsecurity)
Next by Thread:  Re: GET and POST Methods Accepted, Eoin Keary
Indexes:  [Date] [Thread] [Top] [All Lists]