[WEB SECURITY] On Session Riding, Client-side Trojans and Cross-site Request Forgeries

Sverre H. Huseby shh at thathost.com
Wed May 4 15:54:11 EDT 2005


[Bill Pennington]

|   Just because it is everywhere does not mean it is not horribly
|   broken :-)

True.

|   Developers do look at these things the "wrong" way all the time.

Very true.

|   For sure Insufficient Authorization is a big nasty bucket where a
|   lot of stuff ends up in. I would not be opposed to breaking it
|   into a few smaller chunks.

That would be an interesting, probably long-lasting exercise.  Does
anyone have the time it takes to dig into it?


Sverre.

-- 
shh at thathost.com               My web security book: Innocent Code
http://shh.thathost.com/       http://innocentcode.thathost.com/

---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/


