[Owasp-testing] Project Update

Dave van Stein dvstein at gmail.com
Sat Aug 30 07:41:12 EDT 2008


Hi Mat,

Today I stumbled upon a presentation of Joe Walker  on Web Application
Security. In this presentation he mentioned Cross Protocol Exploitation.
This basically is a way of using CSRF or XSS to send commands to a
non-webserver (in his presentation he uses an example of sending the
commands for constructing a mail to a SMTP server).

For the presentation, Google on "cross protocol exploitation joe walker" or
use this link:
http://ajaxexperience.techtarget.com/assets/documents/Walker_Joe_WebAppSecurity.pdf

I looked into our index and although this exploit is closely related to code
and command injection I think it deserves it own section. Do you agree or
did I miss something and can it be used as an example in one of the existing
sessions?

I hate bringing this up so late in the project, but I thought it was worth
mentioning.

regards, Dave
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-testing/attachments/20080830/3c4cdd2c/attachment.html 


More information about the Owasp-testing mailing list