Way cool ! HTTP Session Hijacking can’t be made simpler than using Firesheep. Couple of days ago, a friend of mine suggested me to login a most popular website and he demonstrated how he took control and accessed my user session in less than a minute. First, I thought he used a network protocol analyser tool such as Wireshark or… Read more »
Web 2.0 is not my forte but I am not ignorant to know its overwhelming adoption and popularity ! In my understanding, Web 2.0 is another Web based application paradigm that enables delivering user-generated content via aggregation, participation and collaboration on the Internet using Web based protocols. No doubt, everyday a new breed of Web 2.0 application is finding its… Read more »
Few weeks ago, US Dept. of Homeland security (National Cyber Security Division) in collaboration with SANS Institute/MITRE teams worked together and released a list of 25 dangerous programming errors as common security flaws, which opens doors for easy exploitation. My first look at this list, I thought it is a old wine in a new bottle as the document sounded… Read more »
The Register exposed this ! Cross-site Scripting (XSS) vulnerabilities allow attackers to steal user authentication cookies from AmericanExpress.com – According to an independent vulnerability assessment firm… the XSS bug still remains unfixed !! To read more…follow this link:
I received this question from one of our book readers …ofcourse XSS is becoming widely popular. I had my own first-hand experience of XSS by test driving in my lab – believe me – I don’t have malicious intentions or crazy motives. If you want to verify your J2EE Web applications for XSS ulnerability…here is my cooked response – for… Read more »
Couple of days ago, I received the above question from one of our readers. Although I briefly responded to him over email, I really wanted to explore the known traits for defending this vulnerability : HTTP response splitting is a Web application input validation vulnerability that allows to exploit the HTTP headers of a Web application for initiating attacks leading… Read more »