WebApp Sec mailing list archives

Re: Code Review for Critical Application e.g Internet banking


From: mike () sharecube com
Date: 22 Jul 2006 17:37:18 -0000


Clicking on a randomized arrangement of letters on a Web page to enter a password provides almost no security benefit. 
Any Win32 malware can insert itself into a web page and use JavaScript to detect where the mouse is clicked or what key 
values are stored. 

Mike
