[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [WEB SECURITY] Bypassing URL Authentication and Authorization with HTTP Verb Tampering

From: "Martin O'Neal" <martin.oneal@xxxxxxxxxxxx>
Subject: RE: [WEB SECURITY] Bypassing URL Authentication and Authorization with HTTP Verb Tampering
Date: Thu, 29 May 2008 15:25:44 +0100

Ok, so you've changed your mind then; the HEAD-redirect-to-GET isn't
anything unique. 

Which leaves you with making people aware of the problems with
implicit-allow rules.  Which is old news.  Which is where we started
out.

Martin...

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA

References:
- RE: [WEB SECURITY] Bypassing URL Authentication and Authorization with HTTP Verb Tampering
  - From: Arshan Dabirsiaghi
- RE: [WEB SECURITY] Bypassing URL Authentication and Authorization with HTTP Verb Tampering
  - From: Arshan Dabirsiaghi
- RE: [WEB SECURITY] Bypassing URL Authentication and Authorization with HTTP Verb Tampering
  - From: Arshan Dabirsiaghi

Prev by Date: RE: [WEB SECURITY] Bypassing URL Authentication and Authorization with HTTP Verb Tampering
Next by Date: RE: [WEB SECURITY] Bypassing URL Authentication and Authorization with HTTP Verb Tampering
Previous by thread: RE: [WEB SECURITY] Bypassing URL Authentication and Authorization with HTTP Verb Tampering
Next by thread: RE: [WEB SECURITY] Bypassing URL Authentication and Authorization with HTTP Verb Tampering
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site