From: Kevin Spett (kspett_at_spidynamics.com)
Date: Wed Jul 10 2002 - 16:57:46 CDT

    I do not see anything in the guide at all about best practices for transport
    security besides a section on SSL and TLS, which the poster is already
    using.

    Kevin Spett
    SPI Dynamics, Inc.
    http://www.spidynamics.com/
    ----- Original Message -----
    From: "Mark Curphey" <mcurpheyonebox.com>
    To: "Steven Fling" <SFLINGoppenheimerfunds.com>
    Cc: <webappsecsecurityfocus.com>
    Sent: Wednesday, July 10, 2002 3:43 PM
    Subject: Re: Best Practices for passing data via HTTP

    > You should find what you are looking for in the Common Attacks section
    > of the OWASP Guide to Building Secure Web Apps....it's under forms field
    > manipulation and URL manipulation in particular....
    >
    > It's at http://www.owasp.org
    >
    > ---- "Steven Fling" <SFLINGoppenheimerfunds.com> wrote:
    > > Our application communicates across various application server environments
    > > via HTTP/HTTPS requests (versus RMI, etc.) and needs to pass data/parameters
    > > back and forth. Naturally we use SSL to encrypt the request/response.
    > >
    > > I wanted to see if there were any Best Practices established to transfer
    > > data in this fashion. POST vs. GET method, querystring vs. hidden
    > > form variable, etc.
    > >
    > > Any insight would be appreciated!
    > >
    > > ____________________________________
    > > Steve Fling
    > > Managing Architect - Web Development
    > > OppenheimerFunds, Inc.
    > > sflingoppenheimerfunds.com
    > > Office: 303.768.3200
    > > FAX: 303.768.1096
    > > http://www.oppenheimerfunds.com
    > > ____________________________________