How to Break Web Software

April 21, 2006

There is a good presentation on Google Video called How To Break Web Software - A look at security vulnerabilities in web software, given by Mike Andrews to Google staff. Mike's book also happens to be called How to Break Web Software.

I really liked the session hijacking part of the talk. He showed a tool that visualizes the entropy (or randomness) of your session IDs. An attacker can then look for weaknesses in the algorithm to guess session IDs.
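As an added example (not from the talk or from this post), here is one simple way to audit the randomness of your own session IDs: measure the Shannon entropy of the character seen at each position across a sample and flag positions that vary too little. The function names, thresholds and both sample generators are assumptions made for illustration.

```python
import math
import secrets
from collections import Counter


def position_entropy(ids):
    """Shannon entropy in bits of the character seen at each position."""
    n = len(ids)
    length = min(len(s) for s in ids)
    entropies = []
    for i in range(length):
        counts = Counter(s[i] for s in ids)
        entropies.append(-sum(c / n * math.log2(c / n) for c in counts.values()))
    return entropies


def weak_positions(ids, alphabet_size=16, threshold=0.8):
    """Positions whose entropy is below threshold * log2(alphabet_size)."""
    limit = threshold * math.log2(alphabet_size)
    return [i for i, h in enumerate(position_entropy(ids)) if h < limit]


def flawed_ids(n):
    """Constructed sample: fixed prefix + 8-hex-digit counter + 32 random bits."""
    return [f"ab12{1000 + i:08x}{secrets.token_hex(4)}" for i in range(n)]


def strong_ids(n):
    """Constructed sample: 80 bits from the OS CSPRNG, hex encoded."""
    return [secrets.token_hex(10) for _ in range(n)]


if __name__ == "__main__":
    for name, sample in (("flawed", flawed_ids(2000)), ("strong", strong_ids(2000))):
        bits = position_entropy(sample)
        # Text stand-in for the visualization: one bar per character position.
        for i, h in enumerate(bits):
            print(f"{name} pos {i:2d} {h:4.2f} {'#' * round(h * 5)}")
        print(name, "weak positions:", weak_positions(sample))
```

The flawed sample is flagged at positions 0 to 9 (the prefix and the high counter digits), but the two low counter digits at positions 10 and 11 pass because they look uniform per position even though they are sequential. A clean result from this check is therefore necessary, not sufficient; IDs should come from a CSPRNG such as `secrets`.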

He also does a good job explaining why you should be concerned about XSS.



Thanks for the link Pete. I did a post of my own about the trip -
Baroda My name is Abhishek Pandey and I am working in forex ?????
I am an NIIT student and I am working with software companies and my home address is A/30 block 3 Parisharm Park Near ITI Gorwa
