[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] HPP protection

From: "application.secure application.secure" <application.secure@xxxxxxxxx>
Subject: [WEB SECURITY] HPP protection
Date: Tue, 10 Nov 2009 15:31:07 +0100

--001636459350259489047805294d
Content-Type: text/plain; charset=ISO-8859-1

Hello,

I was implementing a protection against HPP for an IIS-ASP website.
After 1 our of work, I'm understanding that it's not possible to build this
kind of protection at application level...
Of course, the concatenation of string is done at webserver level... so
before my application(detection) process...
;)

HPP is an application attack pattern which can not be detected at
application level.

Am I right?

--001636459350259489047805294d
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hello,<br><br>I was implementing a protection against HPP for an IIS-ASP we=
bsite.<br>After 1 our of work, I&#39;m understanding that it&#39;s not poss=
ible to build this kind of protection at application level...<br>Of course,=
 the concatenation of string is done at webserver level... so before my app=
lication(detection) process...<br>
;)<br><br>HPP is an application attack pattern which can not be detected at=
 application level.<br><br>Am I right?<br>

--001636459350259489047805294d--

Follow-Ups:
- Re: [WEB SECURITY] HPP protection
  - From: Achim Hoffmann
- Re: [WEB SECURITY] HPP protection
  - From: lavakumar kuppan

Prev by Date: Re: [WEB SECURITY] Strict-Transport-Security on https://www.paypal.com
Next by Date: Re: [WEB SECURITY] HPP protection
Previous by thread: [WEB SECURITY] Dark home
Next by thread: Re: [WEB SECURITY] HPP protection
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site