[WEB SECURITY] "Meanwhile, on the other side of the web server" - a writeup by Amit Klein

Richard Moore rich at westpoint.ltd.uk
Fri Jun 10 04:48:45 EDT 2005


Nice summary, Amit. One thing I'd add is the use of search engines
to allow an attacker to discover information that has been
incorrectly protected, or to find attack targets (as several
worms have done by searching for banners). Of course, these
attacks can occur without the attacker ever having to make
a request of your web app. I mentioned one example of this
on the risks list a while ago (I'm sure I wasn't the first),
but other searches such as 'this document is confidential'
still get lots of hits.

http://catless.ncl.ac.uk/Risks/22.64.html#subj9.1

Cheers

Rich.
-- 
Richard Moore, Principal Software Engineer,
Westpoint Ltd,
Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England
Tel: +44 161 237 1028
Fax: +44 161 237 1031

---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/
