WebApp Sec: Re: applet security

Re: applet security

From: Michael Silk <michaelslists_at_gmail.com>
Date: Wed, 11 Jan 2006 22:51:36 +1100

Hahahaha.

Find another auditing company :)

Applets don't run on the server side. Maybe it _calls_ server side
code (by hitting URLs or another channel), but it doesn't run there.
Maybe they want you to put "controls" on that code?

- Michael

On 11 Jan 2006 09:54:31 -0000, test.future_at_gmail.com
<test.future_at_gmail.com> wrote:
> Thanks for all the replies. Maybe I did not put it very clearly in the first email. The auditor's concerns are: Exposure to buffer overflow and environment attacks. So I believe their concern is on the server side. Correct me if I'm wrong. They do not go for code review.
>
> What control can we put in place to mitigate the risk? Thanks.

Received on Jan 11 2006