Many penetration testers rarely test cryptographic vulnerabilities. This post provides details of a length extension attack.
Please forgive the title, but today’s topic is something to be wary of if you write (or use) any access control / authorization type code in Web-based J2EE apps: HTTP URL path parameters.
These cookies hold the reference to the session identifier for a given user, and the same identifier, along with any session-scoped data related to that session id, is maintained server-side.
Error or exception handling is an important, but often ignored, part of any application. And although there’s a lot to be said on the topic, I’m going to cover only a few of the most critical cases in J2EE Web applications.
A Single-Site Browser (SSB) is a highly restricted Web browser only capable of connecting to a single website. A “website” can be defined as a white-listed collection of one or more hostnames, IP addresses, ports, and protocols.
sIFR3 allows for the use of non-free fonts within a web application via the Adobe Flash plugin. The sIFR3 module interfaces with an external JS file and utilizes the parameter "version" to ensure the two files are compatible.
For more than the last decade, PHP programmers have been wrestling with the equals-equals (==) operator. It’s caused a lot of issues. This has a particular implication for password hashes.
If you’ve done unique research in information security, work that others would be interested in learning, the conference circuit provides an amazing opportunity to travel the world (for free!), advance your career, and share it with others.