lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <62164.216.31.249.98.1185215667.squirrel@slashmail.org>
Date: Mon, 23 Jul 2007 14:34:27 -0400 (EDT)
From: "Steven Adair" <steven@...urityzone.org>
To: Deeþàn Chakravarthÿ <codeshepherd@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, websecurity@...appsec.org
Subject: Re: Am I missing anything ?

Just a few additions/ideas:

You have RFI but not LFI.. so add that.  I'd also say general input
validations as some other mentioned.  This ties into your XSS (persistent
or otherwise) and some of your other issues like injecting
code/iframes/xss etc into forums and so on.  Also as mentioned a big on is
sessions and user privilege management.  If sessions are predictable or
don't expire (think the Orkut posts recently) this can be problems.  Also,
there are additional things you can look for like tieing a session to IP
address or checking things that are passed by the browser.  This would
include HTTP REFER/REFERRER which can also be a security issue if relied
on too heavily.  On the user management side, checking things like
elevating privileges and what not are big issues.  Or verifying a user can
make a certain action like changing passwords for their account only etc.

Look for weak methods of password reseting.  This can be a DoS to users or
it can be predictable resulting in account compromise.  Also, username
enumeration due to poorly implemented features like this as well at
login/password reset prompts.

A few other things come to mind but I think what you've got plus all these
responses should be more than enough to bore/excite an audience with. :)

Steven
securityzone.org

> Hi All,
>    Just wondered if I am missing anything important. Am planning to give
> talk on web security.
> Is there any other technique other than the following I have to speak
> about ?
>
> 1)XSS
> 2)CSRF
> 3)SQL Injection
> 4)AJAX/JSON hijacking
> 5)HTTP response splitting
> 6)RFI
> 7)CRLF
> 8)MITM
>
> Thanks
> Deepan
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ