Cookie
07-02-2008 13:08
Template for WebScarab Scripted

If you've ever used WebScarab and been interested in the scripted tab, here is a nice template to get you started. One of the problems with the default template is that it leaves a lot of work to just get the output displayed to the window. I created two easy helper methods (printRequest and printResponse) and also rearranged the layout to be easier to traverse. Edit the details at the bottom. It should be pretty clear.
Never used webscarab? Time to learn.
-Michael Coates
>>
Full text: Feedburner
07-02-2008 17:40
PCI-DSS references the outdated OWASP Top Ten

I’m sure other people have noticed this, at least I hope so, but never mentioned it publicly. If you read PCI-DSS 1.1 section 6.5, the part that covers “Cover prevention of common coding vulnerabilities in software development processes”, you’ll notice the list is identical to that of the OWASP Top Ten 2004 while the latest version is 2007:
6.5.1 Unvalidated input
6.5.2 Broken access control (for example, malicious use of user IDs)
6.5.3 Broken authentication and s
>>
Full text: Jeremiah Grossman
07-04-2008 7:35
Cookie Path Traversal

Not sure if anyone actually cares about this, but thought I might just throw it out here: I found out a while ago that if a server is running IIS (or something else which accepts Windows-style paths), then it is possible to get cookies sent to paths that they do not belong to by using an encoded backslash to indicate a directory delimiter, like this: http://www.microsoft.com/en/us/test/..%5Cdefault.aspx
It works on all the browsers I tested (latest versions of IE, Firefox, Opera & Safa
>>
Full text: kuza55
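The mismatch kuza55 describes comes from two parsers disagreeing about the same path. The browser scopes cookies by comparing the raw request-path against the cookie's Path attribute (the path-match rule later written down in RFC 6265, section 5.1.4) without decoding %5C or collapsing "..", while IIS decodes the backslash, treats it as a directory separator and resolves the dot segment. The following is an added example, not code from the post, that models both sides; the cookie jar and the hostnames are constructed for illustration.

```javascript
// Browser-side cookie path matching (RFC 6265 §5.1.4). The request-path is the
// raw, percent-encoded path: the browser neither decodes %5C nor resolves "..".
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  if (cookiePath.endsWith('/')) return true;
  // Otherwise the cookie-path must be followed by a "/" in the request-path.
  return requestPath[cookiePath.length] === '/';
}

// Names of the cookies in `jar` that a browser would attach to a request for `url`.
// Domain handling is simplified to an exact host match; Path is the point here.
function cookiesFor(jar, url) {
  const u = new URL(url);
  return jar
    .filter(c => c.domain === u.hostname && pathMatches(u.pathname, c.path))
    .map(c => c.name);
}

// Server-side view of the same path on a Windows-style file system (assumed
// model of IIS behaviour): decode, treat "\" as a separator, collapse "." and "..".
function windowsResolve(rawPath) {
  const decoded = decodeURIComponent(rawPath).replace(/\\/g, '/');
  const out = [];
  for (const seg of decoded.split('/')) {
    if (seg === '..') out.pop();
    else if (seg !== '.' && seg !== '') out.push(seg);
  }
  return '/' + out.join('/');
}

// Constructed cookie jar: one cookie deliberately scoped to /en/us/test only.
const jar = [
  { name: 'testarea', domain: 'www.microsoft.com', path: '/en/us/test' },
  { name: 'sitewide', domain: 'www.microsoft.com', path: '/' },
];

// The URL from the post versus the resource it actually resolves to.
function demo() {
  const traversal = 'http://www.microsoft.com/en/us/test/..%5Cdefault.aspx';
  const direct = 'http://www.microsoft.com/en/us/default.aspx';
  return {
    resolvedPath: windowsResolve(new URL(traversal).pathname), // "/en/us/default.aspx"
    sentViaTraversal: cookiesFor(jar, traversal),              // both cookies
    sentDirectly: cookiesFor(jar, direct),                     // only "sitewide"
  };
}
```

The `testarea` cookie reaches `/en/us/default.aspx` through the traversal URL even though that handler sits outside the cookie's Path. The practical consequence is the one RFC 6265 later spelled out in section 8.5: the Path attribute is a convenience for the server, not a security boundary, and code that trusts a cookie because it "can only be sent to /en/us/test" needs a different isolation mechanism (a separate host, or binding the cookie to the handler that issued it).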
07-07-2008 5:04
Opera Arioso!

So, my dear Firefox and Explorer fanboys :) I have something special today for Opera users only. I'm pretty excited by Opera's Userscripts, which allow you to write Javascript files that are far richer than Greasemonkey Userscripts (which are also supported by Opera). I wrote a security plugin for Opera last night that attempts to mitigate various Javascript attack vectors. But one problem with writing a security plugin is that we usually need to process a script before it gets ren
>>
Full text: 0x000000