| To: | bugtraq@securityfocus.com |
|---|---|
| Subject: | Know your Enemy: Web Application Threats |
| From: | Gadi Evron <ge@linuxbox.org> |
| Date: | Sun, 25 Feb 2007 02:29:21 -0600 (CST) |
| Cc: | php-wars@whitestar.linuxbox.org, full-disclosure@lists.grok.org.uk |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | bugtraq-list@securepoint.com |
| Delivered-to: | mailing list bugtraq@securityfocus.com |
| Delivered-to: | moderator for bugtraq@securityfocus.com |
| List-help: | <mailto:bugtraq-help@securityfocus.com> |
| List-id: | <bugtraq.list-id.securityfocus.com> |
| List-post: | <mailto:bugtraq@securityfocus.com> |
| List-subscribe: | <mailto:bugtraq-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:bugtraq-unsubscribe@securityfocus.com> |
| Mailing-list: | contact bugtraq-help@securityfocus.com; run by ezmlm |
Jamie Riden, Ryan McGeehan, Brian Engert and Michael Mueter just released an Honeynet paper on Web security called: Know your Enemy: Web Application Threats You can find their paper here: http://honeynet.org/papers/webapp/ The paper is very good, and deals with all kinds of web threats such as SQL Injection and XSS. Of most interest to me were the Code Injection and Remote Code-Inclusion due to my own research in that field. The Honeynet paper deals with many issues other than these, and is most definitely recommended reading. Jamie Riden has written a paper on web honey pots in the past. These guys know what they are talking about. Gadi. |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux, Ismail Dönmez |
|---|---|
| Next by Date: | rPSA-2007-0040-1 firefox, rPath Update Announcements |
| Previous by Thread: | SQLiteManager v1.2.0 Multiple Vulnerabilities, simon . itsecurity |
| Next by Thread: | rPSA-2007-0040-1 firefox, rPath Update Announcements |
| Indexes: | [Date] [Thread] [Top] [All Lists] |