WebApp Sec mailing list archives

Re: Innocent Code Prize for Best Post on WebAppSec


From: "Sverre H. Huseby" <shh () thathost com>
Date: Sat, 13 Mar 2004 18:14:53 +0100

This is a reply to Mark Curphey's post [1] on 2004-02-16.  In case you
didn't see it: For a few weeks I give a copy of my book [2] to authors
of webappsec-posts I like (not that I think they need it, but
anyway... :) ).

Amit Klein is the author of the paper "Divide and Conquer: HTTP
Response Splitting, Web Cache Poisoning Attacks, and Related Topics"
[3], which was announced [4] to this mailing list on 2004-03-04.
Undoubtedly, extensive research was performed in order to write this
paper.  It's one of the most interesting pieces of text I've read in a
long time, and I admire people who are able to do this kind of
scientific research.  He even manages to explain the results in an
understandable way.  Hats off!

A book would have been in the (snail)mail if Amit had answered my
E-mail.


Sverre.


1 <200402161618.LAA20125 () arkroyal cnchost com>
  http://www.securityfocus.com/archive/107/353996/2004-02-12/2004-02-18/0

2 http://innocentcode.thathost.com/

3 http://www.sanctuminc.com/pdf/whitepaper_httpresponse.pdf

4 <4047719E.8070607 () sanctuminc com>
  http://www.securityfocus.com/archive/107/356389/2004-03-03/2004-03-09/0


-- 
shh () thathost com               My web security book: Innocent Code
http://shh.thathost.com/       http://innocentcode.thathost.com/

