Re: [WEB SECURITY] "Meanwhile, on the other side of the web server" - a writeup by Amit Klein
- From: Richard Moore <rich@xxxxxxxxxxxxxxxx>
- Subject: Re: [WEB SECURITY] "Meanwhile, on the other side of the web server" - a writeup by Amit Klein
- Date: Fri, 10 Jun 2005 09:48:45 +0100
Nice summary Amit. One thing I'd add is the use of search engines
to allow an attacker to discover information that has been
incorrectly protected, or to find attack targets (as several
worms have done by searching for banners). Of course, these
attacks can occur without the attacker ever having to make
a request of your web app. I mentioned one example of this
on the risks list a while ago (I'm sure I wasn't the first),
but other searches such as 'this document is confidential'
still get lots of hits.
http://catless.ncl.ac.uk/Risks/22.64.html#subj9.1
Cheers
Rich.
--
Richard Moore, Principal Software Engineer,
Westpoint Ltd,
Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England
Tel: +44 161 237 1028
Fax: +44 161 237 1031
---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/
Brought to you by http://www.webappsec.org