How to Break Web Software
April 21, 2006

There is a good presentation on Google Video called "How To Break Web Software - A look at security vulnerabilities in web software", given by Mike Andrews to Google staff. Mike's book also happens to be called How to Break Web Software.
I really liked the session hijacking part of the talk: he showed a tool that visualizes the entropy (or randomness) of your session IDs. An attacker can then look for weaknesses in the algorithm to guess session IDs.
He also does a good job explaining why you should be concerned about XSS.
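As an added illustration of the session ID entropy check described above (this is not the tool from the talk, nor code from the book), the script below measures the Shannon entropy of each character position across a batch of session IDs and flags positions that never change. The two generators, `weak_session_ids` (a constructed counter-plus-timestamp scheme) and `strong_session_ids` (16 bytes from the OS CSPRNG), are assumptions standing in for whatever an application actually issues; in practice you would collect a few thousand real IDs from your own login endpoint and feed them to `entropy_report`.

```python
"""Assess the randomness of a batch of session IDs (added example).

The two generators below are constructed for the demonstration; neither is
the tool from Mike Andrews' talk. A weak scheme derived from predictable
server state is compared with one drawn from the OS CSPRNG.
"""
import math
import secrets
from collections import Counter


def weak_session_ids(n, start_counter=1000, start_time=1145577600):
    """Constructed weak scheme: hex(login counter) + hex(unix seconds).

    Mimics a server that builds IDs from state an observer can infer.
    """
    ids = []
    for i in range(n):
        counter = start_counter + i
        ts = start_time + i // 10          # roughly ten logins per second
        ids.append(f"{counter:08x}{ts:08x}")
    return ids


def strong_session_ids(n):
    """Strong scheme: 16 random bytes from the OS CSPRNG, hex-encoded."""
    return [secrets.token_hex(16) for _ in range(n)]


def shannon_entropy(symbols):
    """Shannon entropy in bits of an observed symbol distribution."""
    counts = Counter(symbols)
    total = len(symbols)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def per_position_entropy(ids):
    """Entropy of each character position across the sample.

    A position that never changes scores 0 bits; a uniformly random hex
    digit approaches 4 bits once the sample is large enough.
    """
    width = len(ids[0])
    if any(len(s) != width for s in ids):
        raise ValueError("session IDs must have a uniform length")
    return [shannon_entropy([s[i] for s in ids]) for i in range(width)]


def estimated_bits(ids):
    """Sum of per-position entropies, an upper bound on unpredictability.

    Summing assumes positions are independent, which overestimates for
    structured IDs, so a low number is a red flag, not a high one a proof.
    """
    return sum(per_position_entropy(ids))


def fixed_positions(ids):
    """Indexes of character positions that are identical in every ID."""
    return [i for i, h in enumerate(per_position_entropy(ids)) if h == 0.0]


def entropy_report(ids, label):
    """Print a summary line plus a text bar chart of per-position entropy."""
    bits = estimated_bits(ids)
    print(f"{label}: {len(ids)} IDs, ~{bits:.1f} estimated bits, "
          f"{len(fixed_positions(ids))} constant positions")
    for i, h in enumerate(per_position_entropy(ids)):
        print(f"  pos {i:2d} {'#' * int(h * 4):16s} {h:.2f} bits")


if __name__ == "__main__":
    sample = 2000
    entropy_report(weak_session_ids(sample), "weak (counter+time)")
    entropy_report(strong_session_ids(sample), "strong (token_hex)")
```

The per-position view is what makes the weakness visible: the counter-based IDs show a run of constant hex digits and only a handful of positions that move, so the whole 32-character token carries far fewer bits than its length suggests, while the CSPRNG tokens score close to 4 bits in every position. The check is deliberately crude (it ignores correlations between positions and across consecutive IDs), so treat a good score as "nothing obviously wrong" rather than as a guarantee, and fix a bad score by switching to a CSPRNG-backed token rather than by tuning the existing scheme.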
Comments
On 04/24/2006 at 12:43:23 AM EDT Mike Andrews wrote:
Thanks for the link Pete. I did a post of my own about the trip - http://bug-box.blogspot.com/2006/04/google-tech-talk.html