Message-ID: <62164.216.31.249.98.1185215667.squirrel@slashmail.org>
Date: Mon, 23 Jul 2007 14:34:27 -0400 (EDT)
From: "Steven Adair" <steven@...urityzone.org>
To: Deeþàn Chakravarthÿ <codeshepherd@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, websecurity@...appsec.org
Subject: Re: Am I missing anything ?
Just a few additions/ideas:
You have RFI but not LFI, so add that. I'd also say general input
validation, as some others mentioned. This ties into your XSS (persistent
or otherwise) and some of your other issues like injecting
code/iframes/XSS etc. into forums and so on. Also, as mentioned, a big one is
sessions and user privilege management. If sessions are predictable or
don't expire (think the Orkut posts recently) this can be a problem. Also,
there are additional things you can look for, like tying a session to an IP
address or checking things that are passed by the browser. This would
include the HTTP REFERER/REFERRER header, which can also be a security issue if
relied on too heavily. On the user management side, checking things like
elevating privileges and whatnot are big issues. Or verifying a user can
make a certain action, like changing passwords for their own account only, etc.
Look for weak methods of password resetting. This can be a DoS to users or
it can be predictable, resulting in account compromise. Also, username
enumeration due to poorly implemented features like this, as well as at
login/password reset prompts.
A few other things come to mind but I think what you've got plus all these
responses should be more than enough to bore/excite an audience with. :)
Steven
securityzone.org
> Hi All,
> Just wondered if I am missing anything important. Am planning to give a
> talk on web security.
> Is there any other technique, other than the following, that I have to speak
> about?
>
> 1)XSS
> 2)CSRF
> 3)SQL Injection
> 4)AJAX/JSON hijacking
> 5)HTTP response splitting
> 6)RFI
> 7)CRLF
> 8)MITM
>
> Thanks
> Deepan
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
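As an added example, not code from either poster, here is a toy password-reset and login back end that reproduces the faults Steven lists (responses that enumerate usernames, reset tokens that are predictable, and a password change that is not tied to the caller's own account) next to a hardened version of the same API. The user table, the 15-minute token lifetime, the class and method names, and the "outbox" standing in for outbound email are all constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed user store for the example: username -> password. Plaintext only
# to keep the demo short; a real system stores a salted password hash.
USERS = {"alice": "correct horse", "bob": "hunter2"}

GENERIC_RESET_MSG = "If that account exists, a reset link has been sent."
GENERIC_LOGIN_MSG = "Invalid username or password"


class WeakResetService:
    """Reproduces the faults named in the post: replies reveal whether a
    username exists, and reset tokens are a counter anyone can predict."""

    def __init__(self, users):
        self.users = dict(users)
        self.counter = 0
        self.tokens = {}    # token -> username
        self.outbox = []    # (username, token) pairs the app "emailed"

    def request_reset(self, username):
        if username not in self.users:
            return "No such user"            # differs from the success path: enumeration
        self.counter += 1
        token = str(self.counter)             # predictable: the next victim gets counter + 1
        self.tokens[token] = username
        self.outbox.append((username, token))
        return "Reset email sent"

    def consume(self, token, new_password):
        username = self.tokens.pop(token, None)
        if username is None:
            return False
        self.users[username] = new_password
        return True

    def login(self, username, password):
        if username not in self.users:
            return "Unknown user"            # the login prompt enumerates users too
        if self.users[username] != password:
            return "Wrong password"
        return "Welcome"


class HardenedResetService:
    """Same API with the fixes: uniform responses, random single-use tokens
    stored hashed with an expiry, and an ownership check on password changes."""

    TOKEN_TTL = 15 * 60   # seconds; a value chosen for the example, not from the post

    def __init__(self, users, clock=time.time):
        self.users = dict(users)
        self.clock = clock          # injectable so expiry can be exercised offline
        self.pending = {}           # sha256(token) -> (username, expiry timestamp)
        self.outbox = []

    def request_reset(self, username):
        if username in self.users:
            token = secrets.token_urlsafe(32)        # 256 bits from the OS CSPRNG
            digest = hashlib.sha256(token.encode()).hexdigest()
            self.pending[digest] = (username, self.clock() + self.TOKEN_TTL)
            self.outbox.append((username, token))    # only the email carries the raw token
        # Identical reply whether or not the user exists, so nothing to enumerate.
        return GENERIC_RESET_MSG

    def consume(self, token, new_password):
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)       # pop first: a token is single use
        if entry is None:
            return False
        username, expiry = entry
        if self.clock() > expiry:
            return False                             # expired tokens are discarded
        self.users[username] = new_password
        return True

    def change_password(self, session_user, target_user, old_password, new_password):
        """Authenticated change: only the caller's own account, after re-checking
        the current password."""
        if session_user != target_user:
            return False    # blocks changing someone else's password via a tampered target
        if not hmac.compare_digest(self.users.get(session_user, ""), old_password):
            return False
        self.users[session_user] = new_password
        return True

    def login(self, username, password):
        # One message for both unknown user and wrong password. (Response timing
        # is not equalised here; that is a further step beyond this example.)
        stored = self.users.get(username, "")
        if username in self.users and hmac.compare_digest(stored, password):
            return "Welcome"
        return GENERIC_LOGIN_MSG


if __name__ == "__main__":
    weak = WeakResetService(USERS)
    weak.request_reset("alice")   # attacker's own reset yields token "1"
    weak.request_reset("bob")     # victim's reset is therefore "2"
    print("weak: bob hijacked:", weak.consume("2", "pwned"))
    hard = HardenedResetService(USERS)
    print("hard: replies identical:", hard.request_reset("alice") == hard.request_reset("nobody"))
```

The weak service shows why "predictable" and "DoS to users" go together: an attacker who can guess the next token takes over the account, and one who merely spams reset requests keeps invalidating real users' tokens. The hardened version answers every reset request identically, hands out 256-bit tokens that are stored only as a hash, honours each once and only within its lifetime, and refuses a password change whose target is not the session's own user.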