[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Am I missing anything ?

To: Deeþàn Chakravarthÿ <codeshepherd@xxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Am I missing anything ?
From: Carl Livitt <carllivitt@xxxxxxxxx>
Date: Mon, 23 Jul 2007 10:55:33 -0700

Off the top of my head: cookie manipulation, weak session number
predictability, second-order command injection, parameter manipulation
such as shell redirects/pipe issues, web services (SOAP, WSDL access
etc) and dangerous HTTP methods such as PUT. There'll be more, but I'm
still on my first coffee...

Good luck!
Carl

Deeþàn Chakravarthÿ wrote:
> Hi All,
>    Just wondered if I am missing anything important. Am planning to give 
> talk on web security.
> Is there any other technique other than the following I have to speak 
> about ?
>
> 1)XSS
> 2)CSRF
> 3)SQL Injection
> 4)AJAX/JSON hijacking
> 5)HTTP response splitting
> 6)RFI
> 7)CRLF
> 8)MITM
>
> Thanks
> Deepan
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>   

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Am I missing anything ?
  - From: Deeþàn Chakravarthÿ

Prev by Date: Re: [Full-disclosure] Am I missing anything ?
Next by Date: Re: [Full-disclosure] Am I missing anything ?
Previous by thread: Re: [Full-disclosure] Am I missing anything ?
Next by thread: Re: [Full-disclosure] Am I missing anything ?
Index(es):
- Date
- Thread