Network Security: Detailed info on Re: Code Review for Critical Application e.g Internet banking

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Web-App-Sec

[Top] [All Lists]

Re: Code Review for Critical Application e.g Internet banking

from [mike] Network Security

[Permanent Link]

Subject:	Re: Code Review for Critical Application e.g Internet banking
Date:	22 Jul 2006 17:37:18 -0000


Clicking on a randomized arrangement of letters on a Web page to enter a 
password provides almost no security benefit. Any Win32 malware can insert 
itself into a web page and use Javascript to detect where the mouse is clicked 
or what key values are stored. 

Mike

-------------------------------------------------------------------------
Sponsored by: Watchfire

AppScan 6.5 is now available! New features for Web Services Testing, 
Advanced Automated Capabilities for Penetration Testers, PCI Compliance 
Reporting, Token Analysis, Authentication testing, Automated JavaScript 
execution and much more. 
Download a Free Trial of AppScan today!

https://www.watchfire.com/securearea/appscancamp.aspx?id=70150000000CYkc
-------------------------------------------------------------------------

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Code Review for Critical Application e.g Internet banking, John Greiter RE: Code Review for Critical Application e.g Internet banking, Andrew Chong Re: Code Review for Critical Application e.g Internet banking, mike <=

Previous by Date:	Re: Protecting posted variables, Brian Rectanus
Next by Date:	Fwd: SF new article announcement: After an Exploit: mitigation and remediation, Andrew van der Stock
Previous by Thread:	RE: Code Review for Critical Application e.g Internet banking, Andrew Chong
Next by Thread:	Identity 2.0, Evans, Arian
Indexes:	[Date] [Thread] [Top] [All Lists]