PaulDotCom mailing list archives
OWASP Top 10 Mutillidae Update
From: irongeek at irongeek.com (Adrian Crenshaw)
Date: Tue, 27 Apr 2010 19:54:05 -0400
Jim: If you count the cookie headers, I have a weakness in there for that.

Matt: Looking up Connection String Parameter Pollution.

Thanks,
Adrian

On Mon, Apr 26, 2010 at 8:37 AM, Jim Halfpenny <jim.halfpenny at gmail.com> wrote:
How about some weak e.g. HTTP header based authentication? I don't recall what is in there at the moment, I think there's referer manipulation to bypass something. If not please add that :-D

Jim

On 25 April 2010 13:10, Adrian Crenshaw <irongeek at irongeek.com> wrote:

I'm about to do an update on Mutillidae, since the OWASP Top 10 for 2010 is out now. Any requests for changes/additions?

http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10

Thanks,
Adrian

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
Current thread:
- OWASP Top 10 Mutillidae Update Adrian Crenshaw (Apr 25)
- OWASP Top 10 Mutillidae Update Matt Erasmus (Apr 25)
- OWASP Top 10 Mutillidae Update Jim Halfpenny (Apr 26)
- OWASP Top 10 Mutillidae Update Adrian Crenshaw (Apr 27)