Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Imple

from [SPI Labs] Network Security [Permanent Link]
Subject: Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper]
Date: Mon, 7 Aug 2006 16:28:54 -0400 

"One new feature of "Web 2.0", the movement to build a more responsive
Web, is the utilization of XML content feeds which use the RSS and Atom
standards. These feeds allow both users and Web sites to obtain content
headlines and body text without needing to visit the site in question,
basically providing users with a summary of that sites content.
Unfortunately, many of the applications that receive this data do not
consider the security implications of using content from third parties
and unknowingly make themselves and their attached systems susceptible
to various forms of attack."


[Link]
Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations
http://www.spidynamics.com/assets/documents/HackingFeeds.pdf


[Contact Information]
spilabs@spidynamics.com
SPI Dynamics, Inc.
115 Perimeter Center Place N.E.
suite 1100
Atlanta, GA. 30346
Toll-Free Phone: (866) 774-2700

SPI Dynamics was founded in 2000 by a team of accomplished Web security
specialists; SPI Dynamics is the leader in Web application security
technology. With such signature products as WebInspect, SPI Dynamics is
dedicated to protecting companies' most valuable assets. SPI Dynamics
has created a new breed of Internet security products for the Web
application, the most vulnerable yet least secure component of online
business infrastructure.

Copyright (c) 2006 SPI Dynamics, Inc. All rights reserved worldwide.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper], SPI Labs <=
Previous by Date:  Re: [Full-disclosure] Attacking the local LAN via XSS, Nikolay Kubarelov
Next by Date:  Environment for testing WebApp Security Scanners, René Palige
Previous by Thread:  ARES 2007: Call for workshop proposals, deadline Sept 10, 2006, Manh Tho
Next by Thread:  Environment for testing WebApp Security Scanners, René Palige
Indexes:  [Date] [Thread] [Top] [All Lists]