Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

forbid non-secure proxy access

from [trespiko] Network Security [Permanent Link]
Subject: forbid non-secure proxy access
Date: Wed, 13 Dec 2006 11:31:56 +0800 
hi!

can anyone give me pointers/how-to on how to block access to web client
using a non-secure proxy?

for example, I use paros in my notebook to intercept requests and
responses to/from an online banking
application.

I see this feature in blogger and gmail that have a warning like this:
"Retrieval of secure URLs through a non-secure proxy is forbidden.

This proxy is running on a non-secure server, which means that retrieval
of pages from secure servers is not permitted. The danger is that the
user and the end server may believe they have a secure connection
between them, while in fact the link between the user and this proxy is
insecure and eavesdropping may occur. That's why we have secure servers,
after all.

This proxy must run on a secure server before being allowed to retrieve
pages from other secure servers. "

 i want to implement in one of my applications using Java. Might be related
to the certificates, I guess



thanks

trespiko


-------------------------------------------------------------------------
Sponsored by: Watchfire

It's been reported that 75% of websites are vulnerable to attack. That's 
because hackers know to exploit weaknesses in web applications. 
Traditional approaches to securing these assets no longer apply. Download 
the "Addressing Challenges in Application Security" whitepaper today, and 
see for yourself.

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008YTU
--------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  WASC Articles Project - Call for Participants, robert
Next by Date:  CanSecWest 2007 (April 18-20) Call For Papers (Deadline January 7th), Dragos Ruiu
Previous by Thread:  WASC Articles Project - Call for Participants, robert
Next by Thread:  Re: forbid non-secure proxy access, my.info.lists@gmail.com
Indexes:  [Date] [Thread] [Top] [All Lists]