[Owasp-testing] New article on Web Application Fingerprint

Jeff Williams jeff.williams at aspectsecurity.com
Fri Dec 22 05:59:24 EST 2006


I like this approach.

--Jeff
 
-----Original Message-----
From: Javier Fernandez-Sanguino
[mailto:javier.fernandezsanguino at gmail.com] On Behalf Of Javier
Fernandez-Sanguino
Sent: Thursday, December 21, 2006 6:03 AM
To: Jeff Williams
Cc: owasp-testing at lists.owasp.org
Subject: Re: [Owasp-testing] New article on Web Application Fingerprint

Jeff Williams wrote:
> This is very cool. We should probably alphabetize it someday, but it's
> not critical.  I think for super-long cookies, perhaps we should maybe
> just put the first 40 bytes and then ...  or something like that.
> 
> Any HTML gurus out there have any style ideas for fitting this data
> more nicely?

I've added more information there and the table is now overflowing the
page. I think that we should change the presentation so that you would
have:

A table with one product per file with the cookie names it uses. The
cookie names are linked to the next section. (ordered alphabetically)

A (text) list (or <dt>?) or paragraph with each cookie name, a generic
description of the cookie (or specific, if only one product uses it) and
all the information on implementation details (content of the cookie,
format, usage) for the different products using that cookie (this is
where the table would link to). (ordered alphabetically)

If you see the current "database" there are multiple cookie names which
are reused among products (JSESSIONID, Ltpatoken) with different
content or values, and having them listed by cookie name leads to
confusion.

Check out the 'ltpatoken' information I recently added (to the bottom of
the table) to see why the table format is not appropriate for cookie
format/usage/references.

Regards

Javier

