WebApp Sec mailing list archives
Re: Universal PDF XSS Remediation (Fix)
From: "Amit Klein" <aksecurity () gmail com>
Date: Thu, 15 Feb 2007 08:46:44 +0200
Please see http://www.owasp.org/index.php/Talk:PDF_Attack_Filter_for_Java_EE, where OWASP states: "Absolutely - fixed", which is simply wrong.
You completely misinterpreted the statement in OWASP's page here! The full text there is: Should this page be in the Countermeasures category and have a link off of https://www.owasp.org/index.php/Category:Countermeasure? Absolutely - fixed The "fix" then relates not to the solution, but to the position of this page in the OWASP website... -Amit ------------------------------------------------------------------------- Sponsored by: WatchfireAs web applications become increasingly complex, tremendous amounts of sensitive data - personal, medical and financial - are exchanged, and stored. Consumers expect and demand security for this information. This whitepaper examines a few vulnerability detection methods - specifically comparing and contrasting manual penetration testing with automated scanning tools. Download "Automated Scanning or Manual Penetration Testing?" today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fH6 --------------------------------------------------------------------------
Current thread:
- Universal PDF XSS Remediation (Fix) Cyrill Brunschwiler (Feb 12)
- Re: Universal PDF XSS Remediation (Fix) Amit Klein (Feb 13)
- RE: Universal PDF XSS Remediation (Fix) Cyrill Brunschwiler (Feb 14)
- Re: Universal PDF XSS Remediation (Fix) Amit Klein (Feb 14)
- Re: Universal PDF XSS Remediation (Fix) Amit Klein (Feb 15)
- Re: Universal PDF XSS Remediation (Fix) Tim Brown (Feb 20)
- RE: Universal PDF XSS Remediation (Fix) Cyrill Brunschwiler (Feb 14)
- Re: Universal PDF XSS Remediation (Fix) Amit Klein (Feb 13)
- Re: Universal PDF XSS Remediation (Fix) Ivan Ristic (Feb 13)
- Message not available
- RE: Universal PDF XSS Remediation (Fix) Cyrill Brunschwiler (Feb 14)