WebApp Sec mailing list archives
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in To day's Web Applications"
From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 22 Dec 2004 19:26:40 +0100
* Arian Evans:
Maybe I was too critical in my initial response to Thomas's paper. I still do not believe we need a new term; this fixation on particulars (XSS, XST, XFS, XDS, etc.) is to my mind one of the main detractors to focusing on overall robust application design.
At some point, you simply have to face that it's impossible to write robust web applications. There are too many bugs and too many questionable practices users have grown accustomed to, and have to be supported. What's worse is that browsers are *required* to leak plenty of data between sites of varying trust. You can't build a reliable application on top of this foundation.
Current thread:
- RE: Whitepaper "SESSION RIDING - A Widespread Vulnerability in To day's Web Applications" Evans, Arian (Dec 22)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in To day's Web Applications" Florian Weimer (Dec 23)