[OWASP-Security101] outgoing connections

Jim Manico jim.manico at owasp.org
Tue Aug 21 17:25:23 UTC 2012


Tell us more.

If your webserver/webapp is using a third party service, trust nothing
in the response and treat all data as tainted.

If you are using an •internal• webservice, then you have a 2-way trust
relationship and want to secure the services in both directions.

But tell us more about what you are trying to achieve...

--
Jim Manico
VP, Security Architecture
WhiteHat Security
(808) 652-3805

On Aug 21, 2012, at 10:22 AM, Wayne <security101 at photographic.org> wrote:

> Morning everyone,
>
> Was wondering how you deal with services/applications that require
> outgoing connections without having to just leave things wide open.
>
> We have some that use a static port/address and that is nice and easy
> to deal with, but we have a couple of others that the IP the service
> connects to is set by the customer.
>
> Just trying to get an idea of what practices there are for this type of issue.
>
> Thanks,
>
> Wayne
> _______________________________________________
> Security101 mailing list
> Security101 at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/security101
> List Run By OWASP
> List Admin: Michael.Coates at owasp.org


More information about the Security101 mailing list