WebApp Sec mailing list archives
Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper]
From: "SPI Labs" <Spi.Labs () spidynamics com>
Date: Mon, 7 Aug 2006 16:28:54 -0400
"One new feature of "Web 2.0", the movement to build a more responsive Web, is the utilization of XML content feeds which use the RSS and Atom standards. These feeds allow both users and Web sites to obtain content headlines and body text without needing to visit the site in question, basically providing users with a summary of that sites content. Unfortunately, many of the applications that receive this data do not consider the security implications of using content from third parties and unknowingly make themselves and their attached systems susceptible to various forms of attack." [Link] Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations http://www.spidynamics.com/assets/documents/HackingFeeds.pdf [Contact Information] spilabs () spidynamics com SPI Dynamics, Inc. 115 Perimeter Center Place N.E. suite 1100 Atlanta, GA. 30346 Toll-Free Phone: (866) 774-2700 SPI Dynamics was founded in 2000 by a team of accomplished Web security specialists; SPI Dynamics is the leader in Web application security technology. With such signature products as WebInspect, SPI Dynamics is dedicated to protecting companies' most valuable assets. SPI Dynamics has created a new breed of Internet security products for the Web application, the most vulnerable yet least secure component of online business infrastructure. Copyright (c) 2006 SPI Dynamics, Inc. All rights reserved worldwide. ------------------------------------------------------------------------- Sponsored by: Watchfire Watchfire was recently named the worldwide market leader in Web application security assessment tools by both Gartner and IDC. Download a free trial of AppScan today and see why more customers choose AppScan then any other solution. Try it today! https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnB --------------------------------------------------------------------------
Current thread:
- Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper] SPI Labs (Aug 07)