WebApp Sec mailing list archives

Re: [WEB SECURITY] SSL does not = a secure website


From: "Ryan Barnett" <rcbarnett () gmail com>
Date: Wed, 29 Mar 2006 08:51:11 -0500

While these tangents are interesting, my original question is still
unanswered.  Does anyone have any references to news stories, etc...
about attackers sniffing users' web data and then using it?

This is not a question of whether sniffing is a real threat, it is.
This is a question of having verifiable proof that this is happening
in order to "convert" the unbelievers.  We have verifiable proof that
credit card data is being pilfered in other ways (keyloggers, access
to DB, etc...).  Check out the WASC Web Hacking Incident Database for
news stories -
http://www.webappsec.org/projects/whid/list_class_sql_injection.shtml

--
Ryan C. Barnett
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor: Securing Apache
GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache
