WebApp Sec: Re: Re: applet security

Re: Re: applet security

From: <test.future_at_gmail.com>
Date: 12 Jan 2006 02:12:38 -0000

>Maybe it _calls_ server side code (by hitting
> urls or other channel), but it doesn't run
>there.
>Maybe they want you to put "controls" on that code?

If that really is what they mean, what controls can be put in place to mitigate the risk? I can think of input filtering and validation on server side code to defend against buffer overflow. Any other measure besides this?

I don't understand what they mean by "environment attacks". Can anyone share some thoughts on this? Thanks.

Received on Jan 12 2006
