[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [WEB SECURITY] HPP protection
- From: lavakumar kuppan <lavakumar.in@xxxxxxxxx>
- Subject: Re: [WEB SECURITY] HPP protection
- Date: Tue, 10 Nov 2009 23:03:27 +0530
--00032555a2723f35ac047807b5ec
Content-Type: text/plain; charset=ISO-8859-1
Achim, that is correct in the case of IIS (ASP, ASP.NET).
However HPP on PHP, Java, Python etc happen at the application layer.
Luca and Stefano have shown plenty of examples of that.
Infact there are some interesting developments in HPP on Python, which they
recently talked about at seacureit.
Am not sure if the material is online, will see if I can send it through to
you, you might find it interesting.
Cheers,
Lava
On Tue, Nov 10, 2009 at 9:51 PM, Achim Hoffmann <webappsec@securenet.de>wrote:
> !! HPP is an application attack pattern which can not be detected at
> !! application level.
>
> HPP is an (web)server attack pattern on application layer.
>
> {-: Achim
>
>
>
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
>
> Have a question? Search The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/archive/
>
> Subscribe via RSS:
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
> Join WASC on LinkedIn
> http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
>
--
Cheers,
Lava
http://www.lavakumar.com
--00032555a2723f35ac047807b5ec
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Achim, that is correct in the case of IIS (ASP, <a href=3D"http://ASP.NET";>=
ASP.NET</a>).<div><br></div><div>However HPP on PHP, Java, Python etc happe=
n at the application layer.</div><div><br></div><div>Luca and Stefano have =
shown plenty of examples of that.</div>
<div><br></div><div>Infact there are some=A0interesting=A0developments=A0in=
HPP on Python, which they recently talked about at seacureit.</div><div><b=
r></div><div>Am not sure if the material is online, will see if I can send =
it through to you, you might find it=A0interesting.</div>
<div><br></div><div>Cheers,</div><div>Lava</div><div><br></div><div><br><di=
v class=3D"gmail_quote">On Tue, Nov 10, 2009 at 9:51 PM, Achim Hoffmann <sp=
an dir=3D"ltr"><<a href=3D"mailto:webappsec@securenet.de";>webappsec@secu=
renet.de</a>></span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex;">!! HPP is an application attack pattern whi=
ch can not be detected at<br>
!! application level.<br>
<br>
HPP is an (web)server attack pattern on application layer.<br>
<font color=3D"#888888"><br>
{-: Achim<br>
</font><div><div></div><div class=3D"h5"><br>
<br>
---------------------------------------------------------------------------=
-<br>
Join us on IRC: <a href=3D"http://irc.freenode.net"; target=3D"_blank">irc.f=
reenode.net</a> #webappsec<br>
<br>
Have a question? Search The Web Security Mailing List Archives:<br>
<a href=3D"http://www.webappsec.org/lists/websecurity/archive/"; target=3D"_=
blank">http://www.webappsec.org/lists/websecurity/archive/</a><br>
<br>
Subscribe via RSS:<br>
<a href=3D"http://www.webappsec.org/rss/websecurity.rss"; target=3D"_blank">=
http://www.webappsec.org/rss/websecurity.rss</a> [RSS Feed]<br>
<br>
Join WASC on LinkedIn<br>
<a href=3D"http://www.linkedin.com/e/gis/83336/4B20E4374DBA"; target=3D"_bla=
nk">http://www.linkedin.com/e/gis/83336/4B20E4374DBA</a><br>
<br>
</div></div></blockquote></div><br><br clear=3D"all"><br>-- <br>Cheers,<br>=
Lava<br><a href=3D"http://www.lavakumar.com";>http://www.lavakumar.com</a><b=
r>
</div>
--00032555a2723f35ac047807b5ec--
Brought to you by http://www.webappsec.org
Search this site
|