WebApp Sec mailing list archives
Re: applet security
From: Michael Silk <michaelslists () gmail com>
Date: Wed, 11 Jan 2006 22:51:36 +1100
Hahahaha. Find another auditing company :)

Applets don't run on the server side. Maybe it _calls_ server side code (by hitting urls or other channel), but it doesn't run there.

Maybe they want you to put "controls" on that code?

- Michael

On 11 Jan 2006 09:54:31 -0000, test.future () gmail com <test.future () gmail com> wrote:
Thanks for all the replies. Maybe I did not put it very clearly in the first email.

The auditor's concerns are: Exposure to buffer overflow and environment attacks. So I believe their concern is on server side. Correct me if I'm wrong. They do not go for code review.

What control can we put in place to mitigate the risk?

Thanks.