Date: Mon, 23 Jul 2007 14:34:27 -0400 (EDT)
From: "Steven Adair" <steven@...urityzone.org>
To: Deepan Chakravarthy <codeshepherd@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, websecurity@...appsec.org
Subject: Re: Am I missing anything ?

Just a few additions/ideas:

You have RFI but not LFI.. so add that.

I'd also say general input validation, as some others mentioned. This ties into your XSS (persistent or otherwise) and some of your other issues like injecting code/iframes/XSS etc. into forums and so on.

Also, as mentioned, a big one is sessions and user privilege management. If sessions are predictable or don't expire (think the Orkut posts recently) this can be a problem. Also, there are additional things you can look for like tying a session to an IP address or checking things that are passed by the browser. This would include the HTTP Referer/Referrer header, which can also be a security issue if relied on too heavily.

On the user management side, checking things like elevating privileges and whatnot are big issues. Or verifying a user can make a certain action like changing passwords for their account only, etc.

Look for weak methods of password resetting. This can be a DoS to users or it can be predictable, resulting in account compromise. Also, username enumeration due to poorly implemented features like this as well as at login/password reset prompts.

A few other things come to mind but I think what you've got plus all these responses should be more than enough to bore/excite an audience with. :)

Steven
securityzone.org

> Hi All,
> Just wondered if I am missing anything important. I am planning to give a
> talk on web security.
> Is there any other technique other than the following I have to speak
> about?
>
> 1) XSS
> 2) CSRF
> 3) SQL Injection
> 4) AJAX/JSON hijacking
> 5) HTTP response splitting
> 6) RFI
> 7) CRLF
> 8) MITM
>
> Thanks
> Deepan
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
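The session and account-management points raised in the reply above (unpredictable session tokens, expiry, binding a session to the client IP, letting a user change only their own password, and not leaking which usernames exist at login or password-reset prompts) are easier to see in code. The following is an added example written for this archive page, not code from Steven, Deepan or either mailing list. It assumes a small in-memory user table and a 15-minute session lifetime; both are constructed for the example, and the plaintext `USERS` table stands in for what would be salted password hashes in a real application.

```python
"""Illustrative session and account-management checks (added example, not from the thread)."""
import secrets
import time

SESSION_TTL_SECONDS = 15 * 60   # assumed policy: sessions die after 15 minutes
RESET_TTL_SECONDS = 10 * 60     # assumed policy: reset links are valid for 10 minutes

# Constructed user table: username -> password. Plaintext only to keep the
# example short; a real system stores salted password hashes.
USERS = {"alice": "correct horse", "bob": "battery staple"}

# Outstanding password-reset tokens: token -> (username, expiry timestamp)
RESET_TOKENS = {}


class SessionStore:
    """Server-side sessions keyed by an unpredictable token, with expiry and IP binding."""

    def __init__(self, clock=time.time):
        self._sessions = {}
        self._clock = clock  # injectable so tests can move time forward

    def create(self, username, client_ip):
        # token_urlsafe reads the OS CSPRNG; 32 bytes = 256 bits of entropy,
        # which rules out the sequential or time-derived IDs the reply warns about.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": username, "ip": client_ip,
                                 "issued": self._clock()}
        return token

    def user_for(self, token, client_ip):
        """Return the username bound to token, or None if unknown, expired, or from another IP."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        if self._clock() - entry["issued"] > SESSION_TTL_SECONDS:
            del self._sessions[token]     # expired: drop it so it cannot be revived
            return None
        if entry["ip"] != client_ip:
            return None                   # token presented from a different address
        return entry["user"]

    def destroy(self, token):
        self._sessions.pop(token, None)


def login(store, username, password, client_ip):
    """One failure message for both bad user and bad password, so the response
    does not tell a caller which usernames exist."""
    stored = USERS.get(username, "")
    # compare_digest takes time independent of where the strings first differ;
    # the empty-string check prevents a missing user from matching an empty password.
    if stored != "" and secrets.compare_digest(stored, password):
        return store.create(username, client_ip), "ok"
    return None, "invalid username or password"


def change_password(store, token, client_ip, target_user, new_password):
    """Only the authenticated owner of the session may change that same account's password."""
    actor = store.user_for(token, client_ip)
    if actor is None:
        return "not authenticated"
    if actor != target_user:
        return "forbidden"   # horizontal privilege escalation attempt is refused
    USERS[target_user] = new_password
    return "ok"


def request_password_reset(username, clock=time.time):
    """Same response whether or not the account exists, so the reset form does not
    become a username-enumeration oracle; the token itself is unguessable."""
    if username in USERS:
        token = secrets.token_urlsafe(32)
        RESET_TOKENS[token] = (username, clock() + RESET_TTL_SECONDS)
    return "If that account exists, a reset link has been sent."


if __name__ == "__main__":
    store = SessionStore()
    tok, status = login(store, "alice", "correct horse", "10.0.0.1")
    print(status, store.user_for(tok, "10.0.0.1"), store.user_for(tok, "10.0.0.2"))
    print(change_password(store, tok, "10.0.0.1", "bob", "pw"))
    print(request_password_reset("alice") == request_password_reset("nobody"))
```

Binding to the client IP is shown because the reply mentions it; in practice it is a trade-off, since users behind NAT pools or on mobile networks change address mid-session, so many deployments prefer short lifetimes plus re-authentication for sensitive actions over a hard IP check.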