[Owasp-testing] New article on Web Application Fingerprint

Javier Fernandez-Sanguino jfernandez at germinus.com
Thu Dec 21 06:03:27 EST 2006


Jeff Williams said:
> This is very cool. We should probably alphabetize it someday, but it's
> not critical.  I think for super-long cookies, perhaps we should maybe
> just put the first 40 bytes and then ...  or something like that.
> 
> Any HTML gurus out there have any style ideas for fitting this data more
> nicely?

I've added more information there and the table is now overflowing the 
page. I think that we should change the presentation so that you would have:

A table with one product per file with the cookie names it uses. The 
cookie names are linked to the next section. (ordered alphabetically)

A (text) list (or <dt>?) or paragraph with each cookie name, a generic 
description of the cookie (or specific, if only one product uses it) and 
all the information on implementation details (content of the cookie, 
format, usage) for the different products using that cookie (this is 
where the table would link to). (ordered alphabetically)

If you see the current "database" there are multiple cookie names which 
are reused amongst products (JSESSIONID, Ltpatoken) with different 
content or values and having them listed by cookie name leads to confusion.

Check out the 'ltpatoken' information I recently added (to the bottom of 
the table) to see why the table format is not appropriate for cookie 
format/usage/references.

Regards

Javier

