| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Jul 2007 10:55:33 -0700 From: Carl Livitt <carllivitt@...oo.com> To: Deeþàn Chakravarthÿ <codeshepherd@...il.com>, full-disclosure@...ts.grok.org.uk Subject: Re: Am I missing anything ? Off the top of my head: cookie manipulation, weak session number predictability, second-order command injection, parameter manipulation such as shell redirects/pipe issues, web services (SOAP, WSDL access etc) and dangerous HTTP methods such as PUT. There'll be more, but I'm still on my first coffee... Good luck! Carl Deeþàn Chakravarthÿ wrote: > Hi All, > Just wondered if I am missing anything important. Am planning to give > talk on web security. > Is there any other technique other than the following I have to speak > about ? > > 1)XSS > 2)CSRF > 3)SQL Injection > 4)AJAX/JSON hijacking > 5)HTTP response splitting > 6)RFI > 7)CRLF > 8)MITM > > Thanks > Deepan > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists