WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Security Issues with Workflow apps

From: Anthony Chan <ant_chan () pacific net sg>
Date: Mon, 12 Sep 2005 1:40:17 +0800
hi

you may want to use non-repudiation in the workflow system, like signing of digital cert.


From: Saqib Ali <docbook.xml () gmail com>
Date: Fri 09/09/2005 7:28 AM GMT+08:00
To: "webappsec () securityfocus com" <webappsec () securityfocus com>, 
      security basics <security-basics () securityfocus com>
Subject: Security Issues with Workflow apps

Hello All,

I am looking for some good articles that talk about Security Issue
relating to Workflow Application that use email as medium to
approve/reject actions.

For e.g. an attacker might intercept an workflow email, and use the
content to approve/reject a pending item, by spoofing an email to the
workflow auto-responder.

-- 
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
Consensus is good, but informed dictatorship is better.
Previous By Date Next
Previous By Thread Next

Current thread: