WebApp Sec mailing list archives
RE: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications"
From: "Evans, Arian" <Arian.Evans () fishnetsecurity com>
Date: Mon, 20 Dec 2004 09:00:50 -0600
Yvan, I do not know if my original post will make it to the list, but your comments:
-----Original Message----- From: Yvan G.J. Boily [mailto:yboily () seccuris com] Sent: Thursday, December 16, 2004 4:40 PM This name for the issue is misleading; this is a state management issue combined with a session management issue.
[...]
The paper is a good introduction to the issue, but perhaps the title is misleading as to the nature of the issue.
Pretty much sum up the points I was trying to make, more succinctly than I could have. It my facetious example I noted two items: <quote> Overall the SecureNet paper is well written and well organized. It facilitates an intelligent discussion of: * State Management general issues * Session Management particulars * Authentication and Additional notes: HTTP is STATELESS. Web Applications have no control over web clients. Web Applications have no control over webapp users. </quote> http://www.anachronic.com/modules.php?op=modload&name=News&file=article&sid=9&mode=thread&order=0&thol d=0 Details: http://www.anachronic.com/modules.php?op=modload&name=News&file=article&sid=10&mode=thread&order=0&tho ld=0 Arian The information transmitted in this e-mail is intended only for the addressee and may contain confidential and/or privileged material. Any interception, review, retransmission, dissemination, or other use of, or taking of any action upon this information by persons or entities other than the intended recipient is prohibited by law and may subject them to criminal or civil liability. If you received this communication in error, please contact us immediately at 816.421.6611, and delete the communication from any computer or network system.
Current thread:
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications", (continued)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Elihu Smails (Dec 20)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Sverre H. Huseby (Dec 22)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Elihu Smails (Dec 22)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Sverre H. Huseby (Dec 22)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Sverre H. Huseby (Dec 22)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Joseph Miller (Dec 22)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Florian Weimer (Dec 23)