[Owasp-sydney] Greetings - OWASP Testing Guide v3

NG, Paul (GE Capital, Non-GE) paul.ng1 at ge.com
Wed Sep 22 20:18:57 EDT 2010


Hey guys,

Not sure of the accuracy of this report, but it does explicitly say OWASP
ESAPI has no defense against cookie hacks using POET.

"
Many banking sites protect against faulty implementations by using
random session data to protect individual users. Similar faulty
encryption implementations that can be exploited via the padding attack
technique can be found in other popular Web frameworks, including Ruby
on Rails, and the OWASP Enterprise Security API Toolkits. Both Rizzo and
Duong said the frameworks can be repaired to ensure developers avoid
implementing faulty encryption.  
"

Share your thoughts? 

Regards, 
Paul Ng 

-----Original Message-----
From: NG, Paul (GE Capital, Non-GE) 
Sent: Thursday, September 23, 2010 10:17 AM
To: 'Christian Heinrich'
Cc: 'Owasp-sydney at lists.owasp.org'
Subject: RE: [Owasp-sydney] Greetings - OWASP Testing Guide v3

Sorry, here's the link:
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1520252,00.html


Regards,
Paul Ng 

-----Original Message-----
From: NG, Paul (GE Capital, Non-GE)
Sent: Thursday, September 23, 2010 10:17 AM
To: 'Christian Heinrich'
Cc: Owasp-sydney at lists.owasp.org
Subject: RE: [Owasp-sydney] Greetings - OWASP Testing Guide v3

Hi All
Those who are on .NET may find this interesting or threatening.


Regards
Paul NG

