
| Subject: | Re: [WEB SECURITY] Fundamental error in Corsaire's paper? |
|---|---|
| Date: | Fri, 28 Apr 2006 11:38:59 -0400 |
Interesting discussion, thanks to those participating. I do want to point out that in most cases cookie paths are used for functional reasons and not as a security measure. It would be a shame for someone to read this thread and somehow conclude that cookie paths are evil.
Someone who wants to set a particular cookie path so their application works properly shouldn't hesitate to do so.
Someone who wants to set a particular cookie path as a security measure probably needs to think a bit more about their threat model.
Regards, Brian