[OWASP-Delhi] OWASP-Delhi Digest, - How can we mitigate session hijacking if the application is on HTTP and MITM is there

Amit Saini call4amit at gmail.com
Tue Jul 7 04:22:37 UTC 2015


Hi Friends,

How can we mitigate/stop session hijacking if the application is on HTTP
and MITM is already there?

Regards
Amit Saini




On Mon, Jul 6, 2015 at 5:30 PM, <owasp-delhi-request at lists.owasp.org> wrote:

>
> Today's Topics:
>
>    1. Re: How to implement ASLR & DEP in C# thick client
>       applications? (Dhruv Soi)
>    2. Re: How to implement ASLR & DEP in C# thick client
>       applications? (sanjay kumar)
>    3. Re: How to implement ASLR & DEP in C# thick client
>       applications? (Dhruv Soi)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 5 Jul 2015 16:00:02 +0400
> From: Dhruv Soi <dhruv.soi at owasp.org>
> To: sanjay kumar <sanjay1519841 at gmail.com>
> Cc: owasp-delhi <owasp-delhi at lists.owasp.org>
> Subject: Re: [OWASP-Delhi] How to implement ASLR & DEP in C# thick
>         client  applications?
> Message-ID:
>         <CA+Rr0=
> 6x1t9BXZmVCM1842ORwAt0ebxKpOg2XhE3UajC2P1EBg at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> http://www.lmgtfy.com/?q=threats+of+no+aslr+in+applications
>
> http://www.lmgtfy.com/?q=aslr+c%23
>
> On Fri, Jul 3, 2015 at 12:16 PM, sanjay kumar <sanjay1519841 at gmail.com>
> wrote:
> > Hi,
> >
> > Does anyone know how to implement ASLR (Address Space Layout
> > Randomization), DEP (Data Execution Prevention) in thick client
> > application based on C#?
> >
> > If it cannot be implemented then what is the risk in applications which
> > are developed in C#?
> >
> > Regards,
> >
> > Sanjay Kumar
> >
> >
> >
> > _______________________________________________
> > OWASP-Delhi mailing list
> > OWASP-Delhi at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-delhi
> > LinkedIn Group: https://www.linkedin.com/groups?gid=89270
> > Twitter: https://twitter.com/OWASPdelhi
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 6 Jul 2015 12:05:41 +0530
> From: sanjay kumar <sanjay1519841 at gmail.com>
> To: Dhruv Soi <dhruv.soi at owasp.org>
> Cc: owasp-delhi <owasp-delhi at lists.owasp.org>
> Subject: Re: [OWASP-Delhi] How to implement ASLR & DEP in C# thick
>         client  applications?
> Message-ID:
>         <CAPHKmPMkf51EEqDY8KOjHn70AdPjcdQa=
> 7HT3A5Qp8TxB_qZHg at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Thanks Dhruv,
>
> But the question is for C#, I didn't find such specific result for that.
>
> ------------------------------
>
> Message: 3
> Date: Mon, 6 Jul 2015 12:04:03 +0400
> From: Dhruv Soi <dhruv.soi at owasp.org>
> To: sanjay kumar <sanjay1519841 at gmail.com>
> Cc: owasp-delhi <owasp-delhi at lists.owasp.org>
> Subject: Re: [OWASP-Delhi] How to implement ASLR & DEP in C# thick
>         client  applications?
> Message-ID:
>         <CA+Rr0=67-k-=
> oARQEO67OAG-Ekz0aFe6rOS9gcUrOFYkobrGyw at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> Hope these help.
>
>
> https://msdn.microsoft.com/en-us/library/microsoft.visualstudio.vcprojectengine.vclinkertool.randomizedbaseaddress.aspx
> https://msdn.microsoft.com/en-us/library/bb384887.aspx
> https://msdn.microsoft.com/en-us/library/dn195771.aspx
> https://msdn.microsoft.com/en-us/library/hh156527.aspx
>
> ------------------------------
>
> End of OWASP-Delhi Digest, Vol 84, Issue 5
> ******************************************
>