DNS Pinning and Web Proxies - A white paper that describes DNS based attacks against web proxies.
e091af8bf559a04f3c1150ba90ac58ae3ddd17fb123c3630be4e8ae38dcdaf3c
Whitepaper titled Cross Site Request Forgery: The Sea Surf.
5f2993a62fbb64d5422e96ba9b08bcc4be5bff77401acc7bef23bc85e71da389
Whitepaper entitled Ambiguity In Ajax Lockdown Framework - Unveiling Some Contradictory Facts.
c72d1fdf0586fb064c35e73407382130
Small paper entitled EBay Online Attack Jargon.
04ad495da411ca6f23da1f5c458c29f200473ff4506ec284d569b31a2c29fbbf
Paper describing the various methods and techniques of cross site reference forgery.
0d74b20fe311533c844750df4a40b17be780bbfc0f1cf786aac71f4e1b316276
SPI Labs has discovered a practical method of using JavaScript to detect the search queries a user has entered into arbitrary search engines. All the code needed to steal a user's search queries is written in JavaScript and uses Cascading Style Sheets (CSS). This code could be embedded into any website either by the website owner or by a malicious third party through a Cross-site Scripting (XSS) attack. There it would harvest information about every visitor to that site.
ab08229f9a6ea3fe80e91cf97309e02f0a0606aa8ea3b1985c6e81d4195f426e
Presentation entitled "Case Studies in Finding Previously Unknown Vulnerabilities in Web Applications" from the AT&T ISNN Lecture Series. The aim of the presentation is to cover a limited set of web application vulnerability types and show the impact of these vulnerabilities via real world cases.
864d22be9ea2fbe90fc389e48dd1b7e860db2d314108cd24933a16b4659c7ec8
XST Strikes Back - A technical paper discussing Cross Site Tracing vulnerabilities in proxy servers.
c934a83e625611f6470be7257fa46f16e64a415f899bccbeb6d42966dd6a3e9a
Small write up discussing reverse proxy cross site scripting.
eae37617973a2892bf4ac789d799e0b8a3209e0ea2ccda63640fab3a48f15ca5
Whitepaper entitled 'Web Application Footprinting and Assessment with MSN Search Tricks'.
21fa9f7a4c5cc5110927a0d58b634ca2cc3a52a3998262dfccb65e1141516e43
White paper discussing web browser identification and how proper identification can enable a remote site to know what attacks to use against a visitor.
af292d7644b45c3e998a980f23ff821b434d866040446022bb3ee6a5b46b07a2
White paper called Domain Footprint for Web Applications and Web Services.
334c5dacdca8cb229f4e6fcd4408159edff35ea5eb82f949449c0fe623215485
Interesting write up regarding possible code execution vulnerabilities in Microsoft Internet Explorer due to problems with image decompression and parsing.
8aa59c5262d0659c3680241d1e53f860d9626568c3b86d989d08cba6b374e641
Yet Another "Why CSS Is Bad" Paper.
0c887d986ae284f7c70a519bdfe8487982c28a01419f992b0641e7cd3f0249f4
Whitepaper discussing the scope of information gathering used against web services. Second in a series of papers defining attack and defense methodologies with web services.
d845104342be64b7e0981391fa4587731812589b1eaa8df8bb900cb3c06d39eb
Advanced Cross-Site-Scripting with Real-time Remote Attacker Control - Some people think XSS attacks are no big deal, but I plan to change that perception with the release of this paper and an accompanying tool called XSS-Proxy which allows XSS attacks to be fully controlled by a remote attacker. This paper describes current XSS attacks and introduces new methods/tool for making XSS attacks interactive, bi-directional, persistent and much more evil. This is not a detailed XSS HowTo, but an explanation of methods for taking XSS attacks much further. Attackers can access sites as the victim or forward specific blind requests to other servers.
8f3f833faade0f8c6add6576e39ff2be36df99d31657b8eb6613799fa7945aa6
The 80/20 Rule for Web Application Security: Increase your security without touching the source code. This article discusses ways to make your website more difficult to exploit with little effort.
bba7f7e823c6583f2e30e376b8c5ab99b4d303a27d637867f9f30645116bb148
Whitepaper discussing the scope of information gathering used against web services. First in a series of papers defining attack and defense methodologies with web services.
41051ad1f79babf058f6e50a6da49759baee349f285fbc702e91c39d819f38f8
A thoroughly written white paper discussing how to defend web services using mod_security.
bff27e41da0ed96737c94d7f79f29f3432e83dda6ab0b1eed20e27122f946d50
This is a small text document that describes how MS SQL can be "tricked" into creating a command.asp script under the webroot, even when you do not have access to 'sa' privs (dbo privs are probably still a must, though). The technique described uses the SQL server 'backup' command.
00f4e7c9f7cd17235e6b6b60f335065c99183f5e4af191f5b7d9dfcb8975e8a2
Corsaire White Paper: Cookie Path Best Practice. A brief document discussing how and why a cookie path should be strictly defined.
c30fa2410156b0fdf005bdaacdb6fc9efd561e2ce36194f3f8f20250a403b84a
Comprehensive paper explaining various ways to get around restrictive web proxies which are used by some restrictive countries and corporations.
8d9d766cd21a65b57e4c66bdeab1db1cf15172a76f5abf3a8ffb6b63490001ab
Session Fixation Vulnerability in Web-based Applications - Many web-based applications employ some kind of session management to create a user friendly environment. Sessions are stored on a server and associated with respective users by session identifiers (IDs). Naturally session IDs present an attractive target for attackers, who, by obtaining them, effectively hijack users' identities. Knowing that, web servers are employing techniques for protecting session IDs from three classes of attacks: interception, prediction, and brute force attacks. This paper reveals a fourth class of session attacks against session IDs: session fixation attacks.
e8a24bd745c20648c072b561ba4717627c93a9e649320428356139d804231bd5
Some information on the Common Gateway Interface (CGI).
8b26cd32cbd0a8326977f61fce8ef55d9a9016bc2750bd213be84e63a401d2b0
The Cross Site Scripting FAQ - Includes threat analysis, examples of cross site scripting attacks, cookie theft, how to protect yourself, and how to fix the holes.
661e74609dc323f6e78804ba0e5ebb3534a09bcb6cea0f0f0bbc0773b2ba234a