WebApp Sec: RE: applet security

RE: applet security

From: Richard M. Smith <rms_at_computerbytesman.com>
Date: Tue, 10 Jan 2006 10:11:18 -0500

If a Web site is distributing safe-for-scripting ActiveX controls as part of a
Web application, then these controls need a security audit. Typical
security problems in ActiveX controls include:

   - Unsafe methods which allow access to the Windows file system or registry
   - Unsafe methods which allow programs to be executed
   - Unsafe methods for uploading and downloading files
   - Buffer overflow errors in properties and methods
   - Unsafe controls that are mistakenly marked safe-for-scripting

Java applets typically run in a sandbox inside of a Web browser and are much
less likely to have security problems.

Question for the list: Does OWASP cover ActiveX security issues at all?
They are part of some Web applications.

Richard M. Smith

-----Original Message-----
From: test.future_at_gmail.com [mailto:test.future_at_gmail.com]
Sent: Monday, January 09, 2006 5:25 AM
To: webappsec_at_securityfocus.com
Subject: applet security

Our auditor advised that controls have to be in place to use applets in a web
application. I wonder what kind of controls are available? I searched OWASP
but can't find anything. Thanks for any advice.
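As an added example, not part of either message above: an inventory script a defender can run on a Windows host to list every COM class registered as "Safe for Scripting", which is the set of controls a browser would expose to page script and therefore the set that Richard says needs auditing. It uses the documented component-category CLSIDs for Safe for Scripting and Safe for Initializing under `Implemented Categories`; the kill-bit check against IE's `ActiveX Compatibility` key (flag 0x400) is an assumption about that registry convention and is labelled as such in the code.

```powershell
# Added example (not from the original post): enumerate COM classes that are
# registered as "Safe for Scripting" so the list can be reviewed against the
# audit points above (file/registry access, process execution, file transfer,
# buffer handling). Run from an elevated or normal PowerShell prompt.
$SafeForScripting    = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'  # CATID_SafeForScripting
$SafeForInitializing = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'  # CATID_SafeForInitializing
$KillBitFlag         = 0x400   # assumption: IE "Compatibility Flags" kill bit

function Get-SafeForScriptingControls {
    Get-ChildItem -Path 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
      ForEach-Object {
        $clsid   = $_.PSChildName
        $catPath = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\Implemented Categories"
        if (-not (Test-Path "$catPath\$SafeForScripting")) { return }

        # Friendly name of the class and the DLL/OCX that implements it
        $name   = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).'(default)'
        $server = (Get-ItemProperty -Path "$($_.PSPath)\InprocServer32" `
                       -ErrorAction SilentlyContinue).'(default)'

        # Kill bit: a control with the 0x400 flag set is blocked in IE even if
        # it is still marked safe-for-scripting (assumed registry convention)
        $compatKey = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
        $compat    = Get-ItemProperty -Path $compatKey -ErrorAction SilentlyContinue
        $killed    = ($null -ne $compat) -and
                     ((($compat.'Compatibility Flags') -band $KillBitFlag) -ne 0)

        [PSCustomObject]@{
            CLSID       = $clsid
            Name        = $name
            Server      = $server
            SafeForInit = [bool](Test-Path "$catPath\$SafeForInitializing")
            KillBitSet  = [bool]$killed
        }
      }
}

# Controls that are scriptable and not kill-bitted are the ones to review first
Get-SafeForScriptingControls |
    Where-Object { -not $_.KillBitSet } |
    Sort-Object Name |
    Format-Table -AutoSize
```

Controls that implement IObjectSafety instead of (or in addition to) the category registration will not show up here; those need to be inspected in code.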

Received on Jan 10 2006