[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [WEB SECURITY] HPP protection
- From: lavakumar kuppan <lavakumar.in@xxxxxxxxx>
- Subject: Re: [WEB SECURITY] HPP protection
- Date: Tue, 10 Nov 2009 23:10:11 +0530
--00032555b3364df677047807cd22
Content-Type: text/plain; charset=ISO-8859-1
Got it!!, here it is http://blog.nibblesec.org/2009/11/hpp-seacureit.html
On Tue, Nov 10, 2009 at 11:03 PM, lavakumar kuppan
<lavakumar.in@gmail.com>wrote:
> Achim, that is correct in the case of IIS (ASP, ASP.NET).
>
> However HPP on PHP, Java, Python etc happen at the application layer.
>
> Luca and Stefano have shown plenty of examples of that.
>
> Infact there are some interesting developments in HPP on Python, which they
> recently talked about at seacureit.
>
> Am not sure if the material is online, will see if I can send it through to
> you, you might find it interesting.
>
> Cheers,
> Lava
>
>
> On Tue, Nov 10, 2009 at 9:51 PM, Achim Hoffmann <webappsec@securenet.de>wrote:
>
>> !! HPP is an application attack pattern which can not be detected at
>> !! application level.
>>
>> HPP is an (web)server attack pattern on application layer.
>>
>> {-: Achim
>>
>>
>>
>> ----------------------------------------------------------------------------
>> Join us on IRC: irc.freenode.net #webappsec
>>
>> Have a question? Search The Web Security Mailing List Archives:
>> http://www.webappsec.org/lists/websecurity/archive/
>>
>> Subscribe via RSS:
>> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>>
>> Join WASC on LinkedIn
>> http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>>
>>
>
--00032555b3364df677047807cd22
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Got it!!, here it is <a href=3D"http://blog.nibblesec.org/2009/11/hpp-seacu=
reit.html">http://blog.nibblesec.org/2009/11/hpp-seacureit.html</a><br><br>=
<div class=3D"gmail_quote">On Tue, Nov 10, 2009 at 11:03 PM, lavakumar kupp=
an <span dir=3D"ltr"><<a href=3D"http://lavakumar.in";>lavakumar.in</a>@<=
a href=3D"http://gmail.com";>gmail.com</a>></span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex;">Achim, that is correct in the case of IIS (=
ASP, <a href=3D"http://ASP.NET"; target=3D"_blank">ASP.NET</a>).<div><br></d=
iv><div>
However HPP on PHP, Java, Python etc happen at the application layer.</div>=
<div><br></div><div>Luca and Stefano have shown plenty of examples of that.=
</div>
<div><br></div><div>Infact there are some=A0interesting=A0developments=A0in=
HPP on Python, which they recently talked about at seacureit.</div><div><b=
r></div><div>Am not sure if the material is online, will see if I can send =
it through to you, you might find it=A0interesting.</div>
<div><br></div><div>Cheers,</div><div>Lava</div><div><br></div><div><div><d=
iv></div><div class=3D"h5"><br><div class=3D"gmail_quote">On Tue, Nov 10, 2=
009 at 9:51 PM, Achim Hoffmann <span dir=3D"ltr"><<a href=3D"mailto:weba=
ppsec@securenet.de" target=3D"_blank">webappsec@securenet.de</a>></span>=
wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">!! HPP is an application attack pattern whic=
h can not be detected at<br>
!! application level.<br>
<br>
HPP is an (web)server attack pattern on application layer.<br>
<font color=3D"#888888"><br>
{-: Achim<br>
</font><div><div></div><div><br>
<br>
---------------------------------------------------------------------------=
-<br>
Join us on IRC: <a href=3D"http://irc.freenode.net"; target=3D"_blank">irc.f=
reenode.net</a> #webappsec<br>
<br>
Have a question? Search The Web Security Mailing List Archives:<br>
<a href=3D"http://www.webappsec.org/lists/websecurity/archive/"; target=3D"_=
blank">http://www.webappsec.org/lists/websecurity/archive/</a><br>
<br>
Subscribe via RSS:<br>
<a href=3D"http://www.webappsec.org/rss/websecurity.rss"; target=3D"_blank">=
http://www.webappsec.org/rss/websecurity.rss</a> [RSS Feed]<br>
<br>
Join WASC on LinkedIn<br>
<a href=3D"http://www.linkedin.com/e/gis/83336/4B20E4374DBA"; target=3D"_bla=
nk">http://www.linkedin.com/e/gis/83336/4B20E4374DBA</a><br>
<br>
</div></div></blockquote></div><br></div></div></div></blockquote></div><br=
>
--00032555b3364df677047807cd22--
Brought to you by http://www.webappsec.org
Search this site
|