From: Steven Adair (stevensecurityzone.org)
Date: Mon Jul 23 2007 - 13:34:27 CDT
Just a few additions/ideas:
You have RFI but not LFI, so add that. I'd also say general input
validation, as some others mentioned. This ties into your XSS (persistent
or otherwise) and some of your other issues like injecting
code/iframes/XSS etc. into forums and so on. Also, as mentioned, a big one is
sessions and user privilege management. If sessions are predictable or
don't expire (think the Orkut posts recently) this can be a problem. Also,
there are additional things you can look for, like tying a session to an IP
address or checking things that are passed by the browser. This would
include the HTTP Referer/Referrer, which can also be a security issue if relied
on too heavily. On the user management side, checking things like
elevating privileges and whatnot are big issues. Or verifying a user can
make a certain action, like changing passwords for their own account only, etc.
Look for weak methods of password resetting. This can be a DoS to users or
it can be predictable, resulting in account compromise. Also, username
enumeration due to poorly implemented features like this, as well as at
login/password reset prompts.
A few other things come to mind but I think what you've got plus all these
responses should be more than enough to bore/excite an audience with. :)
> Hi All,
> Just wondered if I am missing anything important. I am planning to give a
> talk on web security.
> Is there any other technique other than the following that I have to speak
> about?
> 3)SQL Injection
> 4)AJAX/JSON hijacking
> 5)HTTP response splitting
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
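The session, password-reset, privilege-check and username-enumeration points raised in the reply above, worked through as an added example that is not part of the original thread. It is a constructed, in-memory model of a login flow (no web server, no real mailer; the `App` class, its method names, the `outbox` list standing in for outgoing mail, and the TTL values are all assumptions made for the demonstration). It shows unguessable, expiring session IDs instead of a predictable counter, one generic failure message for "no such user" and "wrong password" (with the same hashing cost in both cases), a reset token that is random, hashed at rest, time-limited and single-use, revocation of old sessions after a reset, and a check that a user can change only their own password.

```python
import hashlib
import hmac
import secrets
import time

# Constructed demo (not code from the original thread): in-memory model of
# the login / session / password-reset logic the post says to check for.
SESSION_TTL = 15 * 60      # idle sessions die after 15 minutes (assumed value)
RESET_TTL = 10 * 60        # reset links are good for 10 minutes (assumed value)
PBKDF2_ROUNDS = 50_000
GENERIC_LOGIN_FAIL = "Invalid username or password."
GENERIC_RESET_MSG = "If that account exists, a reset link has been sent."


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class App:
    def __init__(self, clock=time.time):
        self.clock = clock            # injectable clock so expiry can be tested
        self.users = {}               # username -> {"salt": bytes, "pw": bytes}
        self.sessions = {}            # session id -> {"user": str, "expires": float}
        self.reset_tokens = {}        # sha256(token) -> {"user": str, "expires": float}
        self.outbox = []              # (username, raw token) a mailer would send
        # Dummy credential: a login for a nonexistent user costs the same PBKDF2
        # work as a real one, so response time does not reveal valid usernames.
        self._dummy_salt = secrets.token_bytes(16)
        self._dummy_pw = hash_password(secrets.token_urlsafe(16), self._dummy_salt)

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = {"salt": salt, "pw": hash_password(password, salt)}

    def _verify(self, username, password):
        rec = self.users.get(username)
        salt, stored = (rec["salt"], rec["pw"]) if rec else (self._dummy_salt, self._dummy_pw)
        match = hmac.compare_digest(hash_password(password, salt), stored)
        return match and rec is not None

    # --- sessions -------------------------------------------------------
    def login(self, username, password):
        """Return (ok, session_id or message); one message for every failure."""
        if not self._verify(username, password):
            return False, GENERIC_LOGIN_FAIL
        # 256 bits from the OS CSPRNG, not a counter or md5(username + time)
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": username, "expires": self.clock() + SESSION_TTL}
        return True, sid

    def current_user(self, sid):
        """Resolve a session id; expired sessions are dropped, live ones renewed."""
        s = self.sessions.get(sid)
        if s is None:
            return None
        if self.clock() >= s["expires"]:
            del self.sessions[sid]
            return None
        s["expires"] = self.clock() + SESSION_TTL    # sliding idle timeout
        return s["user"]

    def _revoke_sessions(self, username):
        for sid in [k for k, v in self.sessions.items() if v["user"] == username]:
            del self.sessions[sid]

    # --- per-user action with an authorization check --------------------
    def change_password(self, sid, target_user, old_password, new_password):
        """A user may change only their own password and must prove the old one."""
        actor = self.current_user(sid)
        if actor is None:
            return False, "not logged in"
        if actor != target_user:                      # the "own account only" check
            return False, "forbidden"
        if not self._verify(actor, old_password):
            return False, "wrong password"
        self.register(actor, new_password)
        return True, "ok"

    # --- password reset -------------------------------------------------
    def request_reset(self, username):
        """Same reply whether or not the account exists (no enumeration here)."""
        if username in self.users:
            token = secrets.token_urlsafe(32)         # unguessable, not user id + date
            digest = hashlib.sha256(token.encode()).hexdigest()
            self.reset_tokens[digest] = {"user": username, "expires": self.clock() + RESET_TTL}
            self.outbox.append((username, token))     # only the mail carries the raw token
        return GENERIC_RESET_MSG

    def complete_reset(self, token, new_password):
        digest = hashlib.sha256(token.encode()).hexdigest()
        rec = self.reset_tokens.pop(digest, None)     # single use, even if expired
        if rec is None or self.clock() >= rec["expires"]:
            return False
        self.register(rec["user"], new_password)
        self._revoke_sessions(rec["user"])            # old sessions do not survive a reset
        return True
```

The reset path never stores the raw token, so a read of the database does not hand an attacker a working link, and because a reset requires no knowledge of the old password the code revokes every live session for that account once it succeeds. Tying a session to a client IP, which the post also mentions, would be one more field in the `sessions` record checked in `current_user`; it is left out here because it breaks legitimate users behind changing addresses and is not a substitute for the expiry and randomness shown.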