Fun with Foundstone
From: <orangeofficer () hushmail com>
Date: Tue, 14 Feb 2006 11:35:14 -0600
Things for a security company not to do in a webapp:
1. Do not auto-populate form fields on the page with customer names.
2. If you ignore rule number 1, don't use a simple, predictable id
for said auto-population.
Rinse, increment, and repeat for a list of Foundstone
customers...or at least a list of companies they've let download
Now that's just plain sloppy.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
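The two rules from the post, worked through as an added example that is not part of the original post and not Foundstone's code: the weak lookup by a guessable integer beside a hardened design (a random, single-use prefill token bound to the authenticated customer), plus a defender's check over access-log lines for the increment-and-repeat pattern. The customer table, token design, log format and log lines are all constructed for illustration.

```python
import re
import secrets
# Constructed sample table standing in for a customer list (not Foundstone's data).
CUSTOMERS = {1001: "Acme Corp", 1002: "Globex", 1003: "Initech"}

def prefill_by_sequential_id(customer_id):
    """Weak pattern from the post: a guessable integer selects the name to pre-fill."""
    return CUSTOMERS.get(customer_id)

class PrefillTokens:
    """Hardened (assumed design): random single-use token, honoured only by its own customer."""
    def __init__(self):
        self._owner = {}  # token -> customer_id
    def issue(self, customer_id):
        token = secrets.token_urlsafe(16)  # 128 random bits, nothing to increment
        self._owner[token] = customer_id
        return token
    def prefill(self, token, session_customer_id):
        owner = self._owner.pop(token, None)  # consumed on first use
        if owner != session_customer_id:
            return None  # unknown token, or one minted for another customer
        return CUSTOMERS.get(owner)

# Combined-format access log; only the client address and the cust= parameter matter.
LOG_RE = re.compile(r'^(\S+) .*?"GET /download\?cust=(\d+) ')
def sequential_sweeps(log_lines, min_run=3):
    """Detection: longest run of consecutive cust= ids per client; min_run or more is a sweep."""
    ids = {}
    for line in log_lines:
        m = LOG_RE.match(line)
        if m:
            ids.setdefault(m.group(1), []).append(int(m.group(2)))
    flagged = {}
    for ip, seq in ids.items():
        best = run = 1
        for a, b in zip(seq, seq[1:]):
            run = run + 1 if b == a + 1 else 1
            best = max(best, run)
        if best >= min_run:
            flagged[ip] = best
    return flagged

# Constructed sample access-log lines (not from the page); the second client is benign.
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Feb/2006:11:00:01 -0600] "GET /download?cust=1001 HTTP/1.1" 200 512',
    '203.0.113.7 - - [14/Feb/2006:11:00:02 -0600] "GET /download?cust=1002 HTTP/1.1" 200 498',
    '203.0.113.7 - - [14/Feb/2006:11:00:03 -0600] "GET /download?cust=1003 HTTP/1.1" 200 505',
    '198.51.100.2 - - [14/Feb/2006:11:05:44 -0600] "GET /download?cust=1002 HTTP/1.1" 200 498',
]
```

The token store is in-memory only; a real deployment would keep it server-side per session and expire entries.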