Taras,

On Tue, Sep 22, 2009 at 5:10 PM, Taras <ta...@securityaudit.ru> wrote:
> Hello, all!

Hi Taras? How're you doing?

> As you may already know there is new attack vector [0] for web
> applications especially for WAF and other filters bypassing.

Yep, I was there watching his presentation in OWASP Poland. (lucky bastard)

> What W3AF can do? For example, we can check for concatenated params in
> HTTP response. It is the specialty of ASP.NET webapps. What do you think
> about it?

I'm just thinking out loud, but... all web applications are vulnerable to this HTTP parameter pollution trick, because the real vulnerable section is the framework with which they are developed, right? If this is true, do we really need to test for it?

> [0]
> http://tacticalwebappsec.blogspot.com/2009/05/http-parameter-pollution.html
>
> --
> Taras
> ----
> "Software is like sex: it's better when it's free." - Linus Torvalds

--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
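An added example, not part of the original thread and not w3af code: the parameter concatenation mentioned above can be made visible by resolving a repeated parameter name under three simplified models (first value wins, last value wins, comma-joined as the thread attributes to ASP.NET) and reporting where they disagree. The function names, model labels and sample URLs are assumptions constructed for this illustration.

```python
from urllib.parse import parse_qsl, urlsplit

# Simplified models of how a server stack resolves a repeated parameter name.
# "comma-join" models the concatenation the thread attributes to ASP.NET;
# the labels are names chosen for this example, not framework identifiers.
RESOLVERS = {
    "first-wins": lambda vals: vals[0],
    "last-wins": lambda vals: vals[-1],
    "comma-join": lambda vals: ",".join(vals),
}


def group_params(query):
    """Return {name: [values in request order]} for a raw query string."""
    grouped = {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        grouped.setdefault(name, []).append(value)
    return grouped


def polluted_params(query):
    """For each repeated name, return the value each model would hand the app."""
    report = {}
    for name, vals in group_params(query).items():
        if len(vals) > 1:
            report[name] = {model: fn(vals) for model, fn in RESOLVERS.items()}
    return report


def scan(urls):
    """Return [(url, report)] for every URL that repeats a parameter name."""
    hits = []
    for url in urls:
        report = polluted_params(urlsplit(url).query)
        if report:
            hits.append((url, report))
    return hits


# Constructed sample requests (not taken from the thread).
SAMPLE_URLS = [
    "/item.aspx?id=10&page=2",
    "/item.aspx?id=10&id=20&page=2",
    "/search?q=books&lang=en&q=music",
]

if __name__ == "__main__":
    for url, report in scan(SAMPLE_URLS):
        print(url, "->", report)
```

A filter that validates one of these views while the application consumes another is the mismatch the thread is discussing; the report shows all three side by side for each flagged request.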