|
WebApp Sec
mailing list archives
Re: [WEB SECURITY] Fundamental error in Corsaire's paper?
From: Dan Kuykendall <dan () kuykendall org>
Date: Thu, 27 Apr 2006 12:16:07 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Amit Klein (AKsecurity) wrote:
To turn the question back to you: GIVEN all the attacks discussed
above and in my paper, in which realistic scenario do
you perceive that setting the path makes the cookies more
secure than not setting it?
I know I'm not the one you are asking, but I think setting the path is
LESS secure. Not because of any technical reason, given the fact that
its easily circumvented, but because of the false sense of security that
gets placed by developers using the path.
- --
Dan Kuykendall (aka Seek3r)
http://www.mightyseek.com
In God we trust, all others we virus scan.
Programmer - an organism that turns coffee into software.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFEURh3K8FkGutbdPMRAhRpAKCPJfdqhrsdVLY+RzIIxj9x+wloawCgkbMs
c/6354DSoCwIoAnP/gAk5Fo=
=I3mQ
-----END PGP SIGNATURE-----
-------------------------------------------------------------------------
Sponsored by: Watchfire
Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. Change the way you
think about application security testing - See for yourself.
Download a Free Trial of AppScan 6.0 today!
https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007kaF
--------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
- WebScarab Fuzzer, (continued)
| 
Intro
