WebApp Sec mailing list archives
Re: Code Review for Critical Application e.g Internet banking
From: mike () sharecube com
Date: 22 Jul 2006 17:37:18 -0000
Clicking on a randomized arrangement of letters on a Web page to enter a password provides almost no security benefit. Any Win32 malware can insert itself into a web page and use Javascript to detect where the mouse is clicked or what key values are stored.

Mike
Current thread:
- Code Review for Critical Application e.g Internet banking John Greiter (Jul 21)
- RE: Code Review for Critical Application e.g Internet banking Andrew Chong (Jul 21)
- <Possible follow-ups>
- Re: Code Review for Critical Application e.g Internet banking mike (Jul 22)