Clan x86
Technical (Development, Security, etc.) => General Security Information => Topic started by: iago on November 21, 2008, 10:31:03 am
-
This is a cool story about how a bunch of minor issues in a Web application can be combined to gain access:
http://ha.ckers.org/deathby1000cuts/
-
Good read. Though it wasn't exactly 1000...
-
"1000 cuts" is a figure of speech. :P
-
"1000 cuts" is a figure of speech. :P
Mmm torture. Lingchi (http://en.wikipedia.org/wiki/Slow_slicing), fun stuff.
-
I can't believe people actually consider CSRF to be minor! The name alone instills fear in to the hearts of developers around here.
-
I can't believe people actually consider CSRF to be minor! The name alone instills fear in to the hearts of developers around here.
It strongly depends on the situation.
But I agree, it's often non-minor, just not well understood.
-
Incidentally, if you use GWT, your apps will be inherently safe vs CSRF and XSS, so long as you do not go out of your way to work around the security that's built in (publishing login tokens, writing vulnerable pure-javascript, etc)