Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Instantiating an executable from a web browser.

from [Scott, Richard (IS)] Network Security [Permanent Link]
Subject: Instantiating an executable from a web browser.
Date: Thu, 8 Feb 2007 09:29:06 -0600 
Forum,

I've come across some interesting architectures, but I think this one is
the most puzzling right now.  I have a system that requires a java
application to run in a localized environment (desktop).  The
application is part of a group of tools that fit in to a web based
framework that rely on a web based method of authentication and
authorization.  The problem is this, without ripping the application
apart, there needs to be some AAA surrounding how this desktop
application is loaded on the desktop using the web based AAA.

The question is, how can a browser securely and safely execute
win32/java based desktop applications?  The only way I can see this
happening is creating a command shell and safely passing command
parameters to it.  But the browser in which this executable needs to be
launched is locked down by policies.  Any ideas would be appreciated.

Browser <------------------> AAA
     |
     |
    \|/
Launch win32/Java desktop application local desktop.

Cheers,
Ricc

-------------------------------------------------------------------------
Sponsored by: Watchfire

Cross-Site Scripting (XSS) is one of the most common application-level 
attacks that hackers use to sneak into web applications today. This 
whitepaper will discuss how traditional XSS attacks are performed, how to 
secure your site against these attacks and check if your site is protected. 
Cross-Site Scripting Explained - Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fHA
--------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Does .aspx protect against sql injection?Any way to bypass it? Cookie SQL Injections?, Danett song
Next by Date:  Re: Instantiating an executable from a web browser., Colin Bean
Previous by Thread:  Does .aspx protect against sql injection?Any way to bypass it? Cookie SQL Injections?, Danett song
Next by Thread:  Re: Instantiating an executable from a web browser., Colin Bean
Indexes:  [Date] [Thread] [Top] [All Lists]