WebApp Sec mailing list archives
RE: [WEB SECURITY] How to Create Secure Web Applications with Struts
From: <PPowenski () oag com>
Date: Wed, 22 Mar 2006 07:37:09 -0000
"There was an interesting thread about a very similar issue (Is there any Security problem in Ajax technology?) not too long ago on sc-l . . . Thought the comment made by Yvan Boily was particularly insightful." Reference? Not familiar with sc-1 -----Original Message----- From: Andre Maisonneuve [mailto:Andre.Maisonneuve () validian com] Sent: 21 March 2006 14:24 To: George Capehart; Stephen de Vries Cc: bugtraq () cgisecurity net; websecurity () webappsec org; webappsec () securityfocus com Subject: RE: [WEB SECURITY] How to Create Secure Web Applications with Struts A very interesting topic indeed! An alternative to installing security in the web tier is to install security directly into the applications, so the security is controlled by the application itself, so it simplifies the implementation of the transport of data through any mechanism that you want to be installed, without having to worry about security. All data going through the intermediate layers will already be encrypted and will only be decrypted at the receiving application. Regards to all! -----Original Message----- From: George Capehart [mailto:gwc () acm org] Sent: 20 mars 2006 22:00 To: Stephen de Vries Cc: bugtraq () cgisecurity net; websecurity () webappsec org; webappsec () securityfocus com Subject: Re: [WEB SECURITY] How to Create Secure Web Applications with Struts Stephen de Vries wrote:
Great article!
<snip>
It may not be a big issue, but I think it's important to understand
how
choosing the web tier as a security provider could impact the extensibility of the app down the line.
Hola All, There was an interesting thread about a very similar issue (Is there any Security problem in Ajax technology?) not too long ago on sc-l . . . Thought the comment made by Yvan Boily was particularly insightful. FWIW, /g --------------------------------------------------------------------- The Web Security Mailing List http://www.webappsec.org/lists/websecurity/ The Web Security Mailing List Archives http://www.webappsec.org/lists/websecurity/archive/ ------------------------------------------------------------------------ - This List Sponsored by: SpiDynamics ALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gR l ------------------------------------------------------------------------ -- This e-mail is intended for the named recipient(s). It and any attachments may contain privileged and/or confidential information. They may not be disclosed to or used by or copied in any way by anyone other than the intended recipient. If you are not one of the intended recipients, or this email is received in error, please immediately either notify the sender or contact OAG Worldwide Limited on +44 (0) 1582 600111 quoting the name of the sender and the email address to which it has been sent and then delete it and any attachment(s). While all reasonable efforts are made to safeguard inbound and outbound e-mails, OAG Worldwide Limited and its affiliate companies cannot guarantee that attachments do not contain any viruses or are compatible with your systems, and does not accept liability in respect of viruses or computer problems experienced. Neither OAG Worldwide Limited nor the sender accepts any responsibility for viruses and it is your responsibility to scan or otherwise check this email and any attachments. OAG Worldwide Limited may monitor or record outgoing and incoming e-mail to secure effective system operation and for other lawful purposes. By replying to this email you give your consent to such monitoring. Thank you. OAG Worldwide Limited is a company registered in England and Wales (registered number 4226716), with its registered office at Church Street, Dunstable, Bedfordshire, LU5 4HB, United Kingdom. ------------------------------------------------------------------------- This List Sponsored by: SpiDynamics ALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl --------------------------------------------------------------------------
Current thread:
- RE: [WEB SECURITY] How to Create Secure Web Applications with Struts Andre Maisonneuve (Mar 21)
- <Possible follow-ups>
- Re: [WEB SECURITY] How to Create Secure Web Applications with Struts Pilon Mntry (Mar 21)
- Re: [WEB SECURITY] How to Create Secure Web Applications with Struts Stephen de Vries (Mar 21)
- Re: [WEB SECURITY] How to Create Secure Web Applications with Struts Pilon Mntry (Mar 22)
- RE: [WEB SECURITY] How to Create Secure Web Applications with Struts PPowenski (Mar 22)