[OWASP-Security101] outgoing connections

Jim Manico jim.manico at owasp.org
Tue Aug 21 17:25:23 UTC 2012

Tell us more.

If your webserver/webapp is using a third party service, trust nothing
in the response and treat all data as tainted.

If you are using an •internal• webservice, then you have a 2-way trust
relationship and want to secure the services in both directions.

But tell us more about what you are trying to achieve...

Jim Manico
VP, Security Architecture
WhiteHat Security
(808) 652-3805

On Aug 21, 2012, at 10:22 AM, Wayne <security101 at photographic.org> wrote:

> Morning everyone,
> Was wondering how you deal with services/applications that require
> outgoing connections without having to just leave things wide open.
> We have some that use a static port/address and that is nice and easy
> to deal with, but we have a couple of others that the IP the service
> connects to is set by the customer.
> Just trying to get an idea of what practices there are for this type of issue.
> Thanks,
> Wayne
> _______________________________________________
> Security101 mailing list
> Security101 at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/security101
> List Run By OWASP
> List Admin: Michael.Coates at owasp.org

More information about the Security101 mailing list