Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Am I missing anything ?

From: Carl Livitt <carllivitt () yahoo com>
Date: Mon, 23 Jul 2007 10:55:33 -0700
Off the top of my head: cookie manipulation, weak session number
predictability, second-order command injection, parameter manipulation
such as shell redirects/pipe issues, web services (SOAP, WSDL access
etc) and dangerous HTTP methods such as PUT. There'll be more, but I'm
still on my first coffee...

Good luck!
Carl

Deeþàn Chakravarthÿ wrote:

Hi All,
   Just wondered if I am missing anything important. Am planning to give 
talk on web security.
Is there any other technique other than the following I have to speak 
about ?

1)XSS
2)CSRF
3)SQL Injection
4)AJAX/JSON hijacking
5)HTTP response splitting
6)RFI
7)CRLF
8)MITM

Thanks
Deepan

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: