WebApp Sec mailing list archives

Re: Interesting article on how development and web centric architecture change peoples views of security


From: Saqib.N.Ali () seagate com
Date: Thu, 19 Aug 2004 22:11:42 -0700

vulnerable you are to CSRF (Cross Site Request Forgery) attacks. On the 
other hand an application that uses Basic HTTP Authentication (old 
school) is likely to be a target of CSRF attack.

Sorry I meant:

On the other hand an application that uses Basic HTTP Authentication (old 
school) is LESS likely to be a target of CSRF attack.

Thanks.
Saqib Ali
http://validate.sf.net

Saqib.N.Ali () seagate com wrote on 08/18/2004 10:57:28 AM:

Good article.

I agree that CRYPTO by itself is not the holy grail. The whole IT 
architecture should be security aware.

There always has to be a balance between adopting new technology and 
maintaining security. 

For e.g. CDSSO (Cross Domain Single Sign On) may make life easier for 
the users, but the more applications you have that use CDSSO, the more 
vulnerable you are to CSRF (Cross Site Request Forgery) attacks. On the 
other hand an application that uses Basic HTTP Authentication (old 
school) is likely to be a target of CSRF attack.


In Peace,
Saqib Ali
http://validate.sf.net  <<< DocBook XML -> HTML/PDF Convertor


"Mark Curphey" <mark.curphey () foundstone com> wrote on 08/17/2004 06:54:46 AM:



http://www.infosecurity-magazine.com/features/julyaug04/paulus_julyaug.html


