Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [WEB SECURITY] Fundamental error in Corsaire's paper?

from [Dan Kuykendall] Network Security [Permanent Link]
Subject: Re: [WEB SECURITY] Fundamental error in Corsaire's paper?
Date: Thu, 27 Apr 2006 12:16:07 -0700 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Amit Klein (AKsecurity) wrote:

To turn the question back to you: GIVEN all the attacks discussed
above and in my paper, in which realistic scenario do
you perceive that setting the path makes the cookies more
secure than not setting it?


I know I'm not the one you are asking, but I think setting the path is
LESS secure. Not because of any technical reason, given the fact that
its easily circumvented, but because of the false sense of security that
gets placed by developers using the path.

- --
Dan Kuykendall (aka Seek3r)
http://www.mightyseek.com

In God we trust, all others we virus scan.
Programmer - an organism that turns coffee into software.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEURh3K8FkGutbdPMRAhRpAKCPJfdqhrsdVLY+RzIIxj9x+wloawCgkbMs
c/6354DSoCwIoAnP/gAk5Fo=
=I3mQ
-----END PGP SIGNATURE-----

-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application 
security testing suite, and the only solution to provide comprehensive 
remediation tasks at every level of the application. Change the way you 
think about application security testing - See for yourself. 
Download a Free Trial of AppScan 6.0 today!

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007kaF
--------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [WEB SECURITY] Fundamental error in Corsaire's paper?, Martin O'Neal
Next by Date:  RE: Web Site Certification, Adam Mikrut
Previous by Thread:  RE: [WEB SECURITY] Fundamental error in Corsaire's paper?, Amit Klein (AKsecurity)
Next by Thread:  RE: [WEB SECURITY] Fundamental error in Corsaire's paper?, Martin O'Neal
Indexes:  [Date] [Thread] [Top] [All Lists]