Security Basics mailing list archives
Internal attacks on web application
From: krisleech () interkonect com
Date: 8 Jun 2006 16:33:07 -0000
We are moving some of our products from tradional client/server to web based applications. The problem is all languages aimed at building web apps are JIT compiled (interpreted) therefore you have to distribute source code or bytecode. Bytecode is easily reversed to code. This leaves us with a problem, the application and data are open to internal attack. Firstly code can be injected (very easily in languages like ruby), encryption keys can be read, as well as database passwords. We have looked at Java, .NET and Ruby, all have the same problem, they can not be compiled to native code. Any suggestions would be very helpful. Kris.
Current thread:
- Internal attacks on web application krisleech (Jun 09)
- Re: Internal attacks on web application Bob Jones (Jun 12)
- Re: Internal attacks on web application André Gil (Jun 12)
- Re: Internal attacks on web application Greg Merideth (Jun 12)
- RE: Internal attacks on web application Joel Parramore (Jun 12)
- Re: Internal attacks on web application Adam Dyga (Jun 12)
- Re: Internal attacks on web application Sven Édouard (Jun 15)