WebApp Sec mailing list archives
Re: Hash for data in transit
From: Robert Hajime Lanning <robert.lanning () gmail com>
Date: Wed, 21 Jul 2010 09:11:38 -0700
Well, outside of an AES128-SHA1 SSL connection, there really isn't much that can be done for transit protection. I would not trust any JavaScript implementation of form data hashing, since that is all modifiable on the client side. If you can't even trust certificates, how are you going to trust the client platform?

On Wed, Jul 21, 2010 at 8:26 AM, Richard High <RichardHigh () imgva com> wrote:
> HTTPS is already configured. This doesn't meet the required baseline security for web apps. According to published DISA directives.
>
> Richard High
> Security Engineer, CISSP
> Information Management Group, Inc.
> Richard.A.High () us army mil
> RichardHigh () imgva com
> NSA:rahigh () nsa ic gov
> SIPR: Richard.A.High () us army smil mil
> JWICS: Richard.High () dami ic gov
> Work Location Fairfax: (703)573-5000x401 Pentagon Fax: (703) 695-3070
> 4050 Legarto Rd Suite 200
> Fairfax, VA 22033
>
> ________________________________
> From: listbounce () securityfocus com on behalf of Robert Hajime Lanning
> Sent: Tue 7/20/2010 6:42 PM
> To: webappsec () securityfocus com
> Subject: Re: Hash for data in transit
>
> On Tue, Jul 20, 2010 at 1:03 PM, <richardhigh () imgva com> wrote:
> > Does anyone know of any tools out there that can be used to ensure the integrity of data while in transit from a web app and a user using a website to enter information?
>
> https will between the browser and the webserver.
--
And, did Galoka think the Ulus were too ugly to save?
-Centauri