Consulting Products Blog Contact Me

How to Break Web Software

April 21, 2006

books

web

There is a good presentation on Google Video called How To Break Web Software - A look at security vulnerabilities in web software given by Mike Andrews to Google staff. Mike's book also happens to be called How to break web software.

I really liked the session hi-jacking part of the talk, he showed a tool that visualizes the entropy (or randomness) of your session id's. An attacker can then look for weaknesses in the algorithm to guess session id's.

He also does a good job explaining why you should be concerned about XSS.

cfobjective pre-conf training

Permalink | Add Comment |

add to del.icio.us | Tags: security, xss, vulnerabilities, video, google

Related Entries

Announcing Web Application Firewall for ColdFusion - July 9, 2007
Web Application Vulnerabilities trump Buffer Overflows - November 2, 2006
Risks of FCKeditor Vulnerability in CF8 - July 6, 2009
Tips for Secure File Uploads with ColdFusion - June 24, 2009
CFPARAM for Simple String Validation - May 29, 2007

6 people found this page useful, what do you think?

WAF for CF

Trackbacks

Trackback Address: 558/E1726F001AB9AAFC18E5504A206C61D9

Comments

On 04/23/2006 at 10:43:23 PM EDT Mike Andrews wrote:

1

Thanks for the link Pete. I did a post of my own about the trip - http://bug-box.blogspot.com/2006/04/google-tech-talk.html

On 09/08/2007 at 7:32:52 AM EDT Abhishek Pandey wrote:

2

Baroda My name is Abhishek Pandey and i am working in

On 10/18/2007 at 4:19:41 PM EDT fgfgjhghj wrote:

3

http://www.forex.co.ir http://www.meta-fx.com forex ?????

On 12/19/2007 at 11:07:31 PM EST Abhishek Pandey wrote:

4

I am niit student and i am working with software companies and my home address is A/30 block 3 Parisharm Park Near ITI gorwa

Post a Comment

Spell Checker by Foundeo

Recent Entries

Basecamp

pfreitag on twitter

Archives:
2010 2009 2008 2007 2006 2005 2004 2003 2002