WebApp Sec mailing list archives

Re: Re: applet security


From: test.future () gmail com
Date: 12 Jan 2006 02:12:38 -0000

Maybe it _calls_ server side code (by hitting urls or other channel), but it doesn't run there.
Maybe they want you to put "controls" on that code?

If that really is what they mean, what controls can be put in place to mitigate the risk? I can think of input filtering and validation on server-side code to defend against buffer overflow. Any other measures besides this?

I don't understand what they mean by "environment attacks". Can anyone share some thoughts on this? Thanks.
