[Owasp-testing] Owasp Testing Guide - Inclusion of New Web Attack Vectors

0kn0ck at secniche.org
Sun May 17 00:59:51 EDT 2009


Hi Community

I want to talk to you regarding the new attack vectors noticed this year
which can circumvent the security of web applications. I have released two
papers and real-world advisories in Google and Oracle products. Still, web
applications which are deployed in a custom manner are vulnerable to these
attacks.

The released papers are indicated below:

http://secniche.org/papers/SNS_09_01_Evad_Xss_Filter_Msword.pdf
http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf
http://secniche.org/gmd_hijack/gc_hijack.xhtml

These types of attacks are a big concern to web applications running in the
real world.

Please let us know about your review regarding these attack vectors for
possible inclusion in the OWASP testing guide and which section will be
suitable for these types of attacks.

All your opinions are welcome and will be highly appreciated in hitting
the right path.


Kind Regards
Aditya KS
http://www.secniche.org


