WebApp Sec mailing list archives

Re: Top Ten Web App Sec Problems

From: bt () munky seifried org
Date: Sat, 30 Nov 2002 17:42:23 -0700 (MST)

Deploying servers to support applications (be they front end web, mid 
tier, back end database, etc.) with default configurations and uneeded 
items such as example and test scripts, debugging information enabled 
(i.e. informational error messages). You need to secure the infrastructure 
as well as the web application, this can be a real pain when vendors 
refuse to support recent service pack levels for IIS/etc.

-Kurt

Current thread:

Top Ten Web App Sec Problems Mark Curphey (Nov 30)
- Re: Top Ten Web App Sec Problems zeno (Nov 30)
  - Re: Top Ten Web App Sec Problems Mark Curphey (Nov 30)
    - Re: Top Ten Web App Sec Problems Matt Curtin (Nov 30)
    - Re: Top Ten Web App Sec Problems bt (Nov 30)
    - Re: Top Ten Web App Sec Problems Alex Russell (Dec 02)
    - Re: Top Ten Web App Sec Problems Andrew Jaquith (Dec 02)
    - Re: Top Ten Web App Sec Problems Alex Russell (Dec 02)
- <Possible follow-ups>
- FW: Top Ten Web App Sec Problems Keith T. Morgan (Dec 02)
- Re: Top Ten Web App Sec Problems Steven M. Christey (Dec 02)
  - RE: Top Ten Web App Sec Problems Richard M. Smith (Dec 02)
    - Re: Top Ten Web App Sec Problems Kevin Spett (Dec 02)
    - Re: Top Ten Web App Sec Problems Alex Lambert (Dec 02)
    - Re: Top Ten Web App Sec Problems Marc Slemko (Dec 02)
- Re: Top Ten Web App Sec Problems Jeff Williams @ Aspect (Dec 02)

(Thread continues...)