Web Application Report

Web Application Report
Security Report

This report was created by IBM Rational AppScan /11/2009 5:25:03 PM
2/11/2009 5:25:03 PM 1/28
Copyright IBM Corp. 2000, All Rights Reserved.

Report Information

Scan Name: preventivo.navale.it

Scanned Host(s)
Host | Operating System | Web Server | Application Server
preventivo.navale.it preventivo.navale.it:443 Win32 IIS, IIS6 ASP.NET

Content
This report contains the following sections:
  Detailed Security Issues
  Application Data
  Application URLs

Detailed Security Issues

Vulnerable URL:
Total of 2 security issues in this URL

[1 of 2] Application Test Script Detected
Severity: Informational
Test Type: Application
Vulnerable URL:
Remediation Tasks: Remove test scripts from the server
Variant 1 of 1 [ID=1393]
The following changes were applied to the original request:
  Set path to '/test.aspx'

[2 of 2] Direct Access to Administration Pages
Severity: Informational
Test Type: Application
Vulnerable URL:
Remediation Tasks: Apply proper authorization to administration scripts
Variant 1 of 1 [ID=1405]
The following changes were applied to the original request:
  Set path to '/admin.aspx'

Vulnerable URL:
Total of 2 security issues in this URL

[1 of 2] Microsoft ASP.NET Debugging Enabled
Severity: Low
Test Type: Infrastructure
Vulnerable URL:
Remediation Tasks: Disable Debugging on Microsoft ASP.NET
Variant 1 of 1 [ID=5953]
The following changes were applied to the original request:
  Set path to '/appscan.aspx'
  Added HTTP header 'Command: stop-debug'
  Set method to 'DEBUG'

4 [2 of 2] Missing Secure Attribute in Encrypted Session (SSL) Cookie Severity: Test Type: Vulnerable URL: Remediation Tasks: Low Application (Cookie = ASP.NET_SessionId) Add the 'Secure' attribute to all sensitive cookies Variant 1 of 2 [ID=7901] The following may require user attention: GET /menu.aspx HTTP/1.0 Accept: */* Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32) Host: preventivo.navale.it Referer: HTTP/ OK Set-Cookie: ASP.NET_SessionId=t02gcg55nhlruoaar2muyq45; path=/ Set-Cookie: ASP.NET_SessionId=wunhkp45l3eiki55blybvi55; path=/; expires= T01:00:00; domain=preventivo.navale.it Content-Length: 2030 Connection: close Date: Tue, 16 Dec :59:23 GMT Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: Cache-Control: private <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" > <HTML> <HEAD> <title>menu</title> <meta content="microsoft Visual Studio.NET 7.1" name="generator"> <meta content="c#" name="code_language"> <meta content="javascript" name="vs_defaultclientscript"> <meta content=" name="vs_targetschema"> <LINK href="style1_ie.css" type="text/css" rel="stylesheet"> </HEAD> <body> <form name="form1" method="post" action="menu.aspx" id="form1"> <input type="hidden" name=" VIEWSTATE" value="ddwtmtewnzyxndy0ott0pdtspgk8mz47pjtsphq8o2w8atwxpjtppdm+o2k8nz 47aTw5PjtpPDExPjtpPDEzPjtpPDE1Pjs+O2w8dDxwPGw8VmlzaWJsZTs+O2w8bzxmPjs+ Pjs7Pjt0PHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Ozs+O3Q8cDxsPFZpc2libGU7PjtsPG 88Zj47Pj47Oz47dDxwPGw8VmlzaWJsZTs+O2w8bzxmPjs+Pjs7Pjt0PHA8bDxWaXNpYmxl 2/11/2009 5:25:03 PM 4/28

5 mlzawjszts+o2w8bzxmpjs+pjs7pjs+pjs+pjs+ezsjj4xtnis8kgqwlgdcofhnbfk=" /> <table width="170" bgcolor=white> <table id="tblpreventivo" width="100%" border="0" cellspacing="0" cellpadding="0"> <td id="cellpreventivo" class="righthead1" height="16">calcola il tuo preventivo <td height="16"><input type="submit" name="btnpreventivo" value="entra" id="btnpreventivo" class="button" /> <tr height="5"> <td height="5"> <tr height="1"> <td background="img\h-line.gif" width="170"><img src="img\spacer.gif" width="1" height="1" border="0" alt=""> 2/11/2009 5:25:03 PM 5/28

6 </form> </body> </HTML> Vulnerable URL: Total of 1 security issues in this URL [1 of 1] HTML Comments Sensitive Information Disclosure Severity: Test Type: Vulnerable URL: Remediation Tasks: Informational Application Remove sensitive information from HTML comments Variant 1 of 1 [ID=7893] The following may require user attention: GET /emptybar.htm HTTP/1.0 Accept: */* Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32) Host: preventivo.navale.it Referer: HTTP/ OK Content-Length: 1816 Connection: close Date: Tue, 16 Dec :59:23 GMT Content-Type: text/html ETag: "f42fbc658222c71:4369" Server: Microsoft-IIS/6.0 Cache-Control: no-cache Last-Modified: Mon, 18 Dec :56:25 GMT Accept-Ranges: bytes X-Powered-By: ASP.NET <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> 2/11/2009 5:25:04 PM 6/28

7 <head> <meta http-equiv="content-language" content="it"> <meta name="generator" content="microsoft FrontPage 5.0"> <meta name="progid" content="frontpage.editor.document"> <meta http-equiv="content-type" content="text/html; charset=windows-1252"> <LINK rel="stylesheet" type="text/css" href="style1_ie.css"> <title>quotazione</title> <script language="javascript"> function newwindow(myurl) { window.open (myurl,null,'height=500,width=470,scrollbars=yes,resizable=yes'); } </script> </head> <body bgcolor="#ffffff" topmargin="0" leftmargin="0" marginwidth="0" marginheight="0"> <table height="100%" border="0" cellspacing="0" cellpadding="0" ID="Table1"> <td width="10"><img src="img/spacer.gif" width="10" height="1" border="0"> <td width="150" valign="top" bgcolor="#e5e5e5"> <table width="150" border="0" cellspacing="0" cellpadding="0" ID="Table2"> <tr height="1"> <td width="7"><img src="img/spacer.gif" width="7" height="1" border="0" alt=""> <td width="7"><img src="img/spacer.gif" width="7" height="1" border="0" alt=""> <td width="136"><img src="img/spacer.gif" width="136" height="1" border="0" alt=""> <!-- <div><a class="helptext" href="restart.aspx?appid=6" target="framemain">agent Locator</a></div> <div><a class="helptext" href="restart.aspx?appid=2" target="framemain">registrazione</a></div> <div><a class="helptext" href="restart.aspx?appid=3" target="framemain">login</a></div> --> </body> </html> 2/11/2009 5:25:04 PM 7/28

8 Vulnerable URL: Total of 1 security issues in this URL [1 of 1] Unencrypted VIEWSTATE Parameter Severity: Test Type: Vulnerable URL: Remediation Tasks: Informational Application (Parameter = VIEWSTATE) Modify your Web.Config file to encrypt the VIEWSTATE parameter Variant 1 of 2 [ID=7352] The following may require user attention: POST /go.aspx HTTP/1.0 Cookie: ASP.NET_SessionId=wunhkp45l3eiki55blybvi55 Content-Length: 592 Accept: */* Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32) Host: preventivo.navale.it Content-Type: application/x-www-form-urlencoded Referer: VIEWSTATE=dDwtNTc5NDA1MzkxO3Q8cDxsPGN1cnJfbWFwOz47bDxpPDA% 2BOz4%2BO2w8aTwxPjtpPDM% 2BOz47bDx0PHA8bDxUZXh0Oz47bDwKDVw8c2NyaXB0IGxhbmd1YWdlPSdqYXZhc2Ny axb0jybcpgonxdwhls0kdwz1bmn0aw9uieltbwvkawf0zvbyaw50ugfnzsgpewkjfq onls1cpgonxdwvc2nyaxb0xd4kdts% 2BPjs7Pjt0PDtsPGk8MT47PjtsPHQ8O2w8aTwxPjtpPDI% 2BOz47bDx0PDtsPGk8MD47PjtsPHQ8O2w8aTwxPjs%2BO2w8dDw7bDxpPDA% 2BOz47bDx0PHA8cDxsPEltYWdlVXJsOz47bDwuLi9JbWcvUHJldmVudGl2b19SQ0EuZ2l moz4%2boz47oz47pj47pj47pj47ddw7bdxppda% 2BOz47bDx0PHA8bDxpbm5lcmh0bWw7PjtsPFxlOz4%2BOzs%2BOz4%2BOz4%2BOz4% 2BOz4%2BOz5mdgYmi4nVODQZ02S%2FX01Ikyf%2FQA%3D%3D&buttonEntra=Entra HTTP/ OK Content-Length: 9471 Connection: close Date: Tue, 16 Dec :59:33 GMT Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: Cache-Control: private <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" > <HTML> <HEAD> <title>preventivo Canale Internet</title> 2/11/2009 5:25:04 PM 8/28

9 <meta content="microsoft Visual Studio 7.0" name="generator"> <meta content="c#" name="code_language"> <meta content="javascript" name="vs_defaultclientscript"> <meta content=" name="vs_targetschema"> <LINK rel="stylesheet" type="text/css" href="style1_ie.css"> <script language='javascript'> <!-- var i = 0; --> </script> <script language='javascript' > <!-- function ImmediatePrintPage(){ } --> </script> </HEAD> <body onload="immediateprintpage()"> <form name="form1" method="post" action="" language="javascript" onsubmit="turnonhourglass();if (!ValidatorOnSubmit()) return false;" id="form1"> <input type="hidden" name=" VIEWSTATE" value="ddwtntc5nda1mzkxo3q8cdxspgn1cnjfbwfwoz47bdxppdi+oz4+o2w8atwxpj tppdm+oz47bdx0pha8bdxuzxh0oz47bdwkdvw8c2nyaxb0igxhbmd1ywdlpsdqyxzh c2nyaxb0jybcpgonxdwhls0kdwz1bmn0aw9uieltbwvkawf0zvbyaw50ugfnzsgpe wkjfqonls1cpgonxdwvc2nyaxb0xd4kdts+pjs7pjt0pdtspgk8mt47pjtsphq8o2w8at wxpjtppdi+o2k8nd47pjtsphq8o2w8atwwpjs+o2w8ddw7bdxppde+oz47bdx0pdtspg k8md47pjtsphq8cdxwpgw8sw1hz2vvcmw7pjtspc4ul0ltzy9uaxbvx3zlawnvbg9fym FycmFfZGlfc3RhdG8uZ2lmOz4+Oz47Oz47Pj47Pj47Pj47dDw7bDxpPDA+Oz47bDx0PHA8 bdxpbm5lcmh0bww7pjtspfnjzwx0ysb0axbvihzlawnvbg87pj47oz47pj47ddw7bdxpp DA+Oz47bDx0PDtsPGk8MT47PjtsPHQ8O2w8aTwwPjs+O2w8dDw7bDxpPDA+Oz47bDx0 PDtsPGk8MD47PjtsPHQ8O2w8aTwzPjtpPDU+O2k8Nz47aTw5PjtpPDExPjtpPDEyPjtpPD E0Pjs+O2w8dDxwPHA8bDxGb3JlQ29sb3I7VGV4dDtCYWNrQ29sb3I7XyFTQjs+O2w8Mjx EYXJrUmVkPjvigKI7MjxXaGl0ZT47aTwxMj47Pj47Pjs7Pjt0PHA8cDxsPFRleHQ7QmFja0Nv bg9yo0zvcmvdb2xvcjtfivncoz47bdzigki7mjxxagl0zt47mjxeyxjrumvkpjtppdeypjs+p js+ozs+o3q8cdxwpgw8vgv4ddtcywnrq29sb3i7rm9yzunvbg9yo18hu0i7pjtspokao jsypfdoaxrlpjsyperhcmtszwq+o2k8mti+oz4+oz47oz47ddxwpha8bdxuzxh0o0jhy 2tDb2xvcjtGb3JlQ29sb3I7XyFTQjtWYWx1ZVRvQ29tcGFyZTs+O2w84oCiOzI8V2hpdGU+ OzI8RGFya1JlZD47aTwxMj47MTYvMTIvMjAwODs+Pjs+Ozs+O3Q8cDxwPGw8VGV4dDtN YXhpbXVtVmFsdWU7QmFja0NvbG9yO0ZvcmVDb2xvcjtfIVNCO01pbmltdW1WYWx1ZTs+ O2w84oCiOzE0LzAyLzIwMDk7MjxXaGl0ZT47MjxEYXJrUmVkPjtpPDEyPjsxNi8xMi8yMDA 
4Oz4+Oz47Oz47dDxwPHA8bDxOYXZpZ2F0ZVVybDs+O2w8amF2YXNjcmlwdDp3aW4gP SB3aW5kb3cub3BlbignSGVscEZpbGVzL2hlbHBfRGF0YURlY29ycmVuemEuaHRtJywnX2 JsYW5rJywnaGVpZ2h0PTIwMCx3aWR0aD0zMDAsdG9wPTAsbGVmdD0wLHNjcm9sbGJ hcnm9ewvzlhjlc2l6ywjszt1ubyxzdgf0dxm9bm8sdg9vbgjhcj1ubyxsb2nhdglvbj1uby xkaxjly3rvcmllcz1ubyxtzw51ymfypw5vlgnvchloaxn0b3j5pxllcycpxdt3aw4uzm9jdx MoKVw7Oz4+Oz47Oz47dDx0PHA8cDxsPERhdGFUZXh0RmllbGQ7RGF0YVZhbHVlRmllb GQ7PjtsPHJiVGV4dDtyYlZhbHVlOz4+Oz47dDxpPDQ+O0A8QXV0b3ZldHR1cmEgYWQgd XNvIFByaXZhdG87TW90b2NpY2xvIGFkIHVzbyBQcml2YXRvO0NpY2xvbW90b3JlIGFkIH VzbyBQcml2YXRvO0FsdHJvIHZlaWNvbG87PjtAPDI1MTszODI7Mzg2OzUwMTs+Pjs+Ozs +Oz4+Oz4+Oz4+Oz4+Oz4+Oz4+Oz4+Oz4+Oz4+Oz7z3d61Rv5az+Ks3Dt/fyOm6cj8jQ==" /> 2/11/2009 5:25:04 PM 9/28

10 <script language="javascript" type="text/javascript" src="/aspnet_client/system_web/1_1_4322/webuivalidation.js"></script> <table id="tabskeleton" height="375" width="424" border="0"> <td id="spacer" colspan="3" height="20"> <tr id="rownavbar"> <td id="navbarcell" colspan="3" align="center"> <img id="navigationbar1_image1" src="img/tipo_veicolo_barra_di_stato.gif" alt="" border="0" /> <tr id="rowheader"> <td id="headercell" colspan="3" height="30" class="lefttext13-bold">scelta tipo veicolo <tr id="rowsummaryvalidator"> <td id="cellsummaryvalidator" align="center" height="20" colspan="3"><div id="vs1" class="validationsummary" showmessagebox="true" style="color:darkred;background-color:white;display:none;"> </div> <tr id="rowmain"> <td id="maincell" colspan="3" width="100%" align="center" valign="top"> <table id="customdynamictable" width="100%"> <t... Vulnerable URL: Total of 1 security issues in this URL [1 of 1] HTML Comments Sensitive Information Disclosure Severity: Test Type: Vulnerable URL: Remediation Tasks: Informational Application Remove sensitive information from HTML comments Variant 1 of 1 [ID=7894] The following may require user attention: GET /leftbar.htm HTTP/1.0 Accept: */* Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32) Host: preventivo.navale.it 2/11/2009 5:25:04 PM 10/28

11 Referer: HTTP/ OK Content-Length: 1760 Connection: close Date: Tue, 16 Dec :59:23 GMT Content-Type: text/html ETag: "548e1b668222c71:4369" Server: Microsoft-IIS/6.0 Cache-Control: no-cache Last-Modified: Mon, 18 Dec :56:25 GMT Accept-Ranges: bytes X-Powered-By: ASP.NET <html> <head> <meta http-equiv="content-language" content="it"> <meta name="generator" content="microsoft FrontPage 5.0"> <meta name="progid" content="frontpage.editor.document"> <meta http-equiv="content-type" content="text/html; charset=windows-1252"> <LINK rel="stylesheet" type="text/css" href="style1_ie.css"> <title>quotazione</title> <script language="javascript"> function newwindow(myurl) { window.open (myurl,null,'height=500,width=470,scrollbars=yes,resizable=yes'); } </script> </head> <body bgcolor="#ffffff" topmargin="0" leftmargin="0" marginwidth="0" marginheight="0"> <table height="100%" border="0" cellspacing="0" cellpadding="0" ID="Table1"> <td width="10"><img src="img/spacer.gif" width="10" height="1" border="0"> <td width="150" valign="top" bgcolor="#e5e5e5"> <table width="150" border="0" cellspacing="0" cellpadding="0" ID="Table2"> <tr height="1"> <td width="7"><img src="img/spacer.gif" width="7" height="1" border="0" alt=""> <td width="7"><img src="img/spacer.gif" width="7" height="1" border="0" alt=""> <td width="136"><img src="img/spacer.gif" width="136" height="1" border="0" alt=""> <!-- <div><a class="helptext" href="restart.aspx? 2/11/2009 5:25:04 PM 11/28

12 --> </body> </html> Vulnerable URL: Total of 1 security issues in this URL [1 of 1] Unencrypted VIEWSTATE Parameter Severity: Test Type: Vulnerable URL: Remediation Tasks: Informational Application (Parameter = VIEWSTATE) Modify your Web.Config file to encrypt the VIEWSTATE parameter Variant 1 of 1 [ID=6916] The following may require user attention: POST /menu.aspx HTTP/1.0 Cookie: ASP.NET_SessionId=wunhkp45l3eiki55blybvi55 Content-Length: 476 Accept: */* Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32) Host: preventivo.navale.it Content-Type: application/x-www-form-urlencoded Referer: VIEWSTATE=dDwtMTEwNzYxNDY0OTt0PDtsPGk8Mz47PjtsPHQ8O2w8aTwxPjtpPDM %2BO2k8Nz47aTw5PjtpPDExPjtpPDEzPjtpPDE1Pjs% 2BO2w8dDxwPGw8VmlzaWJsZTs%2BO2w8bzxmPjs% 2BPjs7Pjt0PHA8bDxWaXNpYmxlOz47bDxvPGY%2BOz4%2BOzs% 2BO3Q8cDxsPFZpc2libGU7PjtsPG88Zj47Pj47Oz47dDxwPGw8VmlzaWJsZTs% 2BO2w8bzxmPjs%2BPjs7Pjt0PHA8bDxWaXNpYmxlOz47bDxvPGY%2BOz4%2BOzs% 2BO3Q8cDxsPFZpc2libGU7PjtsPG88Zj47Pj47Oz47dDxwPGw8VmlzaWJsZTs% 2BO2w8bzxmPjs%2BPjs7Pjs%2BPjs%2BPjs%2BezSJj4xtNIS8kGQWLGdCOFHnBFk% 3D&btnPreventivo=Entra HTTP/ OK Content-Length: /11/2009 5:25:04 PM 12/28

13 Connection: close Date: Tue, 16 Dec :59:25 GMT Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: Cache-Control: private <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" > <HTML> <HEAD> <title>menu</title> <meta content="microsoft Visual Studio.NET 7.1" name="generator"> <meta content="c#" name="code_language"> <meta content="javascript" name="vs_defaultclientscript"> <meta content=" name="vs_targetschema"> <LINK href="style1_ie.css" type="text/css" rel="stylesheet"> <script language='javascript'> <!-- window.parent.framemain.location='restart.aspx?appid=1' --> </script> </HEAD> <body> <form name="form1" method="post" action="menu.aspx" id="form1"> <input type="hidden" name=" VIEWSTATE" value="ddwtmtewnzyxndy0ott0pdtspgk8mt47atwzpjs+o2w8ddxwpgw8vgv4dds+ O2w8IFw8c2NyaXB0IGxhbmd1YWdlPSdqYXZhc2NyaXB0J1w+Cg0gXDwhLS0KDSB3aW 5kb3cucGFyZW50LmZyYW1lTWFpbi5sb2NhdGlvbj0ncmVzdGFydC5hc3B4P0FwcElEPTE ncg0gls1cpiakdsbcpc9zy3jpchrcpiakdts+pjs7pjt0pdtspgk8mt47atwzpjtppdc+o 2k8OT47aTwxMT47aTwxMz47aTwxNT47PjtsPHQ8cDxsPFZpc2libGU7PjtsPG88Zj47Pj47 Oz47dDxwPGw8VmlzaWJsZTs+O2w8bzxmPjs+Pjs7Pjt0PHA8bDxWaXNpYmxlOz47bDxv PGY+Oz4+Ozs+O3Q8cDxsPFZpc2libGU7PjtsPG88Zj47Pj47Oz47dDxwPGw8VmlzaWJsZ Ts+O2w8bzxmPjs+Pjs7Pjt0PHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Ozs+O3Q8cDxsP FZpc2libGU7PjtsPG88Zj47Pj47Oz47Pj47Pj47PlUWCNK+FB7uJPDBUNGfhDpT5k26" /> <table width="170" bgcolor=white> <table id="tblpreventivo" width="100%" border="0" cellspacing="0" 2/11/2009 5:25:04 PM 13/28

14 <td id="cellpreventivo" class="righthead1" height="16">calcola il tuo preventivo <td height="16"><input type="submit" name="btnpreventivo" value="entra" id="btnpreventivo" class="button" /> <tr height="5"> <td height="5"> <tr height="1"> <td background="img\h-line.gif" width="170"><img src="img\spacer.gif" width="1" height="1" border="0" alt=""> </form> </body> </HTML> Vulnerable URL: 2/11/2009 5:25:04 PM 14/28

15 Total of 1 security issues in this URL [1 of 1] Unencrypted VIEWSTATE Parameter Severity: Test Type: Informational Application Vulnerable URL: (Parameter = VIEWSTATE) Remediation Tasks: Variant 1 of 1 [ID=8369] Modify your Web.Config file to encrypt the VIEWSTATE parameter The following may require user attention: POST /navigationwarning.aspx HTTP/1.0 Cookie: ASP.NET_SessionId=wunhkp45l3eiki55blybvi55 Content-Length: 81 Accept: */* Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32) Host: preventivo.navale.it Content-Type: application/x-www-form-urlencoded Referer: VIEWSTATE=dDw5NjU1MTU1Ozs%2Bi3mQhMJY%2BTlbld4h97VeYewF6DQ% 3D&btnContinue=Avanti HTTP/ Found Content-Length: 125 Connection: close Date: Tue, 16 Dec :59:41 GMT Location: /go.aspx Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: Cache-Control: private <html><head><title>object moved</title></head><body> <h2>object moved to <a href='/go.aspx'>here</a>.</h2> </body></html> GET /go.aspx HTTP/1.0 Cookie: ASP.NET_SessionId=wunhkp45l3eiki55blybvi55 Accept: */* Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32) Host: preventivo.navale.it Referer: HTTP/ OK Content-Length: /11/2009 5:25:04 PM 15/28

16 Connection: close Date: Tue, 16 Dec :59:29 GMT Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: Cache-Control: private <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" > <HTML> <HEAD> <title>preventivo Canale Internet</title> <meta content="microsoft Visual Studio 7.0" name="generator"> <meta content="c#" name="code_language"> <meta content="javascript" name="vs_defaultclientscript"> <meta content=" name="vs_targetschema"> <LINK rel="stylesheet" type="text/css" href="style1_ie.css"> <script language='javascript'> <!-- var i = 0; --> </script> <script language='javascript' > <!-- function ImmediatePrintPage(){ } --> </script> </HEAD> <body onload="immediateprintpage()"> <form name="form1" method="post" action="go.aspx" language="javascript" onsubmit="turnonhourglass();" id="form1"> <input type="hidden" name=" VIEWSTATE" value="ddwtntc5nda1mzkxo3q8cdxspgn1cnjfbwfwoz47bdxppda+oz4+o2w8atwx PjtpPDM+Oz47bDx0PHA8bDxUZXh0Oz47bDwKDVw8c2NyaXB0IGxhbmd1YWdlPSdqYXZ hc2nyaxb0jybcpgonxdwhls0kdwz1bmn0aw9uieltbwvkawf0zvbyaw50ugfnzsgp ewkjfqonls1cpgonxdwvc2nyaxb0xd4kdts+pjs7pjt0pdtspgk8mt47pjtsphq8o2w8a TwxPjtpPDI+Oz47bDx0PDtsPGk8MD47PjtsPHQ8O2w8aTwxPjs+O2w8dDw7bDxpPDA+O z47bdx0pha8cdxspeltywdlvxjsoz47bdwuli9jbwcvuhjldmvudgl2b19sq0euz2lmoz4 +Oz47Oz47Pj47Pj47Pj47dDw7bDxpPDA+Oz47bDx0PHA8bDxpbm5lcmh0bWw7PjtsPFxlO z4+ozs+oz4+oz4+oz4+oz4+oz5mdgymi4nvodqz02s/x01ikyf/qa==" /> <table id="tabskeleton" height="375" width="424" border="0"> <td id="spacer" colspan="3" height="20"> <tr id="rownavbar"> <td id="navbarcell" colspan="3" align="center"> <img id="navigationbar1_image1" src="img/preventivo_rca.gif" alt="" border="0" /> 2/11/2009 5:25:04 PM 16/28

17 <tr id="rowheader"> <td id="headercell" colspan="3" height="30" class="lefttext13-bold"> <tr id="rowsummaryvalidator"> <td id="cellsummaryvalidator" align="center" height="20" colspan="3"><div id="vs1" class="validationsummary" showmessagebox="true" style="color:darkred;background-color:white;display:none;"> </div> <tr id="rowmain"> <td id="maincell" colspan="3" width="100%" align="center" valign="top"> <table id="customdynamictable" width="100%"> <td width="100%" colspan="4"> <table> <img src="img/all_arr_blue.gif" width="10" height="10" border="0"><a id="_ctl3_hypcosatiserve" class="helptext" href="htmlfiles/cosatiserve.htm" target="_blank">cosa ti serve per iniziare</a> <img src="img/all_arr_blue.gif" width="10" height="10" border="0"><a id="_ctl3_hyptarlast" class="helptext" href="htmlfiles/tariffecondizioninavale0708.htm" target="_blank">condizioni di polizza e Nota informativa in vigore fino al 31/01/2009</a> <img src="img/all_arr_blue.gif" width="10" height="10" border="0"><a id="_ctl3_hyptarnext" class="helptext" href="htmlfiles/tariffecondizioninavale0209.htm" target="_blank">condizioni di polizza e Nota informativa in vigore dal 01/02/2009</a> <span id="_ctl3_lblhaipolizza" class="centertext">hai già una polizza RC Auto Navale? Contatta il tuo Agente </span> <span id="_ctl3_lblhaipolizza2" class="centertext">per conoscere i vantaggi collegati al rinnovo della tua polizza.</span> <span id="_ctl3_lbllegge" class="centertext">sito internet costituito ai sensi dell art. 131 del Codice delle Assicurazioni</span> <span id="_ctl3_label1" class="centertext">per iniziare un nuovo preventivo clicca su "Entra".</span> <tr id="rowbuttons"> <td id="navigationbuttonscell" align="center" height="20" colspan="3"> 2/11/2009 5:25:04 PM 17/28

18 &... Vulnerable URL: Total of 1 security issues in this URL [1 of 1] Query Parameter in SSL Request Severity: Test Type: Vulnerable URL: Remediation Tasks: Informational Application (Parameter = AppID) Always use the HTTP POST method when sending sensitive information Variant 1 of 1 [ID=7169] The following may require user attention: GET /restart.aspx?appid=1 HTTP/1.0 Cookie: ASP.NET_SessionId=wunhkp45l3eiki55blybvi55 Accept: */* Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32) Host: preventivo.navale.it Referer: HTTP/ Found Content-Length: 125 Connection: close Date: Tue, 16 Dec :59:26 GMT Location: /Go.aspx Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: Cache-Control: private <html><head><title>object moved</title></head><body> <h2>object moved to <a href='/go.aspx'>here</a>.</h2> </body></html> GET /go.aspx HTTP/1.0 Cookie: ASP.NET_SessionId=wunhkp45l3eiki55blybvi55 Accept: */* Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32) Host: preventivo.navale.it Referer: 2/11/2009 5:25:04 PM 18/28

19 HTTP/ OK Content-Length: 4333 Connection: close Date: Tue, 16 Dec :59:29 GMT Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: Cache-Control: private <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" > <HTML> <HEAD> <title>preventivo Canale Internet</title> <meta content="microsoft Visual Studio 7.0" name="generator"> <meta content="c#" name="code_language"> <meta content="javascript" name="vs_defaultclientscript"> <meta content=" name="vs_targetschema"> <LINK rel="stylesheet" type="text/css" href="style1_ie.css"> <script language='javascript'> <!-- var i = 0; --> </script> <script language='javascript' > <!-- function ImmediatePrintPage(){ } --> </script> </HEAD> <body onload="immediateprintpage()"> <form name="form1" method="post" action="go.aspx" language="javascript" onsubmit="turnonhourglass();" id="form1"> <input type="hidden" name=" VIEWSTATE" value="ddwtntc5nda1mzkxo3q8cdxspgn1cnjfbwfwoz47bdxppda+oz4+o2w8atwx PjtpPDM+Oz47bDx0PHA8bDxUZXh0Oz47bDwKDVw8c2NyaXB0IGxhbmd1YWdlPSdqYXZ hc2nyaxb0jybcpgonxdwhls0kdwz1bmn0aw9uieltbwvkawf0zvbyaw50ugfnzsgp ewkjfqonls1cpgonxdwvc2nyaxb0xd4kdts+pjs7pjt0pdtspgk8mt47pjtsphq8o2w8a TwxPjtpPDI+Oz47bDx0PDtsPGk8MD47PjtsPHQ8O2w8aTwxPjs+O2w8dDw7bDxpPDA+O z47bdx0pha8cdxspeltywdlvxjsoz47bdwuli9jbwcvuhjldmvudgl2b19sq0euz2lmoz4 +Oz47Oz47Pj47Pj47Pj47dDw7bDxpPDA+Oz47bDx0PHA8bDxpbm5lcmh0bWw7PjtsPFxlO z4+ozs+oz4+oz4+oz4+oz4+oz5mdgymi4nvodqz02s/x01ikyf/qa==" /> <table id="tabskeleton" height="375" width="424" border="0"> <td id="spacer" colspan="3" height="20"> <tr id="rownavbar"> 2/11/2009 5:25:04 PM 19/28

20 alt="" border="0" /> <img id="navigationbar1_image1" src="img/preventivo_rca.gif" <tr id="rowheader"> <td id="headercell" colspan="3" height="30" class="lefttext13-bold"> <tr id="rowsummaryvalidator"> <td id="cellsummaryvalidator" align="center" height="20" colspan="3"><div id="vs1" class="validationsummary" showmessagebox="true" style="color:darkred;background-color:white;display:none;"> </div> <tr id="rowmain"> <td id="maincell" colspan="3" width="100%" align="center" valign="top"> <table id="customdynamictable" width="100%"> <td width="100%" colspan="4"> <table> <img src="img/all_arr_blue.gif" width="10" height="10" border="0"><a id="_ctl3_hypcosatiserve" class="helptext" href="htmlfiles/cosatiserve.htm" target="_blank">cosa ti serve per iniziare</a> <img src="img/all_arr_blue.gif" width="10" height="10" border="0"><a id="_ctl3_hyptarlast" class="helptext" href="htmlfiles/tariffecondizioninavale0708.htm" target="_blank">condizioni di polizza e Nota informativa in vigore fino al 31/01/2009</a> <img src="img/all_arr_blue.gif" width="10" height="10" border="0"><a id="_ctl3_hyptarnext" class="helptext" href="htmlfiles/tariffecondizioninavale0209.htm" target="_blank">condizioni di polizza e Nota informativa in vigore dal 01/02/2009</a> <span id="_ctl3_lblhaipolizza" class="centertext">hai già una polizza RC Auto Navale? Contatta il tuo Agente </span> <span id="_ctl3_lblhaipolizza2" class="centertext">per conoscere i vantaggi collegati al rinnovo della tua polizza.</span> <span id="_ctl3_lbllegge" class="centertext">sito internet costituito ai sensi dell art. 131 del Codice delle Assicurazioni</span> <span id="_ctl3_label1" class="centertext">per iniziare un nuovo preventivo clicca su "Entra".</span> 2/11/2009 5:25:04 PM 20/28

21 <tr id="rowbuttons"> <td id="navigationbuttonscell" align="center" height="20" colspan="3"> &nbsp&nbsp&nbsp<input type="submit" name="buttonentra" value="entra" id="buttonentra" class="button" style="width:80px;" /> <tr id="rowfooter"> <td i... Vulnerable URL: Total of 1 security issues in this URL [1 of 1] HTML Comments Sensitive Information Disclosure Severity: Test Type: Vulnerable URL: Remediation Tasks: Informational Application Remove sensitive information from HTML comments Variant 1 of 5 [ID=7895] The following may require user attention: GET /welcome.htm HTTP/1.0 Accept: */* Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32) Host: preventivo.navale.it Referer: HTTP/ OK Content-Length: 5810 Connection: close Date: Tue, 16 Dec :59:23 GMT Content-Type: text/html ETag: "885f c71:4369" Server: Microsoft-IIS/6.0 Cache-Control: no-cache Last-Modified: Mon, 18 Dec :56:27 GMT Accept-Ranges: bytes X-Powered-By: ASP.NET <HTML> <HEAD> <TITLE>Winterthur - Canale Internet</TITLE> <LINK href="style1_ie.css" type="text/css" rel="stylesheet"> </HEAD> <BODY> 2/11/2009 5:25:04 PM 21/28

22 <table> <img src="img/picturehome.jpg"> <table width="100%" border="0" cellspacing="0" cellpadding="0" ID="Table3"> <td class="righthead1" height="16">scegli dal menu a destra. <table width="100%" border="0" cellspacing="0" cellpadding="0" ID="Table1"> <td colspan="2" width="100%" bgcolor="#000000" valign="top"><img src="img\spacer.gif" width="1" height="1" border="0" alt=""> <td colspan="2" valign="top"><img src="img\spacer.gif" width="1" height="4" border="0" alt=""> <td width="10" valign="top"><img src="img\all_arr_blue.gif" width="10" height="10" border="0"> <td width="100%" valign="top"> <span class="centertext-bold"> <!--a href="restart.aspx?appid=1">calcola il tuo preventivo</a--> <a>calcola il tuo preventivo</a> </span> <tr height="4"> <td colspan="2" valign="top"><img src="img\spacer.gif" width="1" height="4" border="0" alt=""> </p><p> <table background="" width="100%" border="0" cellspacing="0" cellpadding="0" ID="Table2"> <td valign="top"><span class="centertext">per calcolare il preventivo RC auto in modo facile e veloce.</span> <tr height="12"> <img src="img\spacer.gif" height="12" border="0" alt=""> </p> <!-- <p> <table width="100%" border="0" cellspacing="0" cellpadding="0" 2/11/2009 5:25:04 PM 22/28

23 <td colspan="2" valign="top"><img src="img\spacer.gif" width="1" height="4" border="0" alt=""> <td width="10" valign="top"><img src="img\all_arr_orange.gif" width="10" height="10" border="0"> <td width="100%" valign="top"> <span class="centertext-bold"> <!--a href="restart.aspx?appid=1">calcola il tuo preventivo</a--> <!-- <a>cliente convenzionato</a> </span> <tr height="4"> <td colspan="2" valign="top"><img src="img\spacer.gif" width="1" height="4" border="0" alt=""> </p> <p> <table background="" width="100%" border="0" cellspacing="0" cellpadding="0" ID="Table10"> <td valign="top"><span class="centertext">sei un cliente convenzionato, calcola il tuo preventivo in modo semplice e veloce. </span> <tr height="12"> <img src="img\spacer.gif" height="12" border="0" alt=""> </p> <p> <table width="100%" border="0" cellspacing="0" cellpadding="0" ID="Table4"> <td colspan="2" width="100%" bgcolor="#000000" valign="top"><img src="img\spacer.gif" width="1" height="1" border="0" alt=""> <td colspan="2" valign="top"><img src="img\spacer.gif" width="1" height="4" border="0" alt=""> <td width="10" valign="top"><img src="img\all_arr_orange.gif" width="10" height="10" border="0"> <td width="100%" valign="top"> <span class="centertext-bold"> <!--a href="restart.aspx?appid=2">calcola il tuo preventivo</a--> <!-- <a>registrazione</a> </span> 2/11/2009 5:25:04 PM 23/28

24 <td colspan="2" valign="top"><img src="img\spacer.gif" width="1" height="4" border="0" alt=""> </p> <p> <table background="" width="100%" border="0" cellspacing="0" cellpadding="0" ID="Table5"> <td valign="top"><span class="centertext">il modo pi semplice per avere, sempre a portata di click, la lista dei tuoi preventivi e, nel caso tu sia gi nostro cliente, per usufruire di altri interessanti servizi.</span> <tr height="12"> <img src="img\spacer.gif" height="12" border="0" alt=""> </p> <p> <table width="100%" border="0" cellspacing="0" cellpadding="0" ID="Table6">... Vulnerable URL: Total of 1 security issues in this URL [1 of 1] HTML Comments Sensitive Information Disclosure Severity: Test Type: Vulnerable URL: Remediation Tasks: Informational Application Remove sensitive information from HTML comments Variant 1 of 1 [ID=7900] The following may require user attention: GET /htmlfiles/cosatiserve.htm HTTP/1.0 Cookie: ASP.NET_SessionId=wunhkp45l3eiki55blybvi55 Accept: */* Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32) 2/11/2009 5:25:05 PM 24/28

25 Host: preventivo.navale.it Referer: HTTP/ OK Content-Length: 3598 Connection: close Date: Tue, 16 Dec :59:32 GMT Content-Type: text/html ETag: "40f1a c71:4369" Server: Microsoft-IIS/6.0 Cache-Control: no-cache Last-Modified: Mon, 18 Dec :56:31 GMT Accept-Ranges: bytes X-Powered-By: ASP.NET <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" > <HTML> <HEAD> <META NAME="GENERATOR" Content="Microsoft Visual Studio 7.0"> <LINK rel="stylesheet" type="text/css" href="../style1_ie.css"> <TITLE>Cosa ti serve per iniziare</title> </HEAD> <BODY topmargin="0" leftmargin="0" marginwidth="0" marginheight="0"> <table height="100%" width="100%" border="0" cellspacing="0" cellpadding="0" ID="Table1"> <td valign="top" colspan="3"> <!-- Begin Head --> <table background="" width="100%" border="0" cellspacing="0" cellpadding="0" ID="Table2"> <tr height="20"> <td bgcolor="#e5e5e5"><img src="../img/spacer.gif" width="1" height="20" border="0" alt=""> <tr height="1"> <td bgcolor="#000000"><img src="../img/spacer.gif" width="100%" height="1" border="0" alt=""> <!-- End Head --> <td width="15"><img src="../img/spacer.gif" width="15" height="1" border="0" alt=""> <td valign="top"> <p class="lefttext"><b>cosa ti serve per iniziare</b></p> <p class="lefttext">per ottenere un preventivo personalizzato, necessario fornire alcuni dati.</p> <p class="lefttext">prima di iniziare, accertati di avere a portata di 2/11/2009 5:25:05 PM 25/28

26 tua classe di Bonus/Malus ( scritta sull'attestato di rischio o sull'ultima polizza pagata)</p> <p class="lefttext"><img src="../img/all_arr_black.gif" width="10" height="10" border="0">i dati del veicolo che vuoi assicurare (li trovi sul libretto di circolazione: marca, modello, versione auto, cavalli fiscali, data di immatricolazione)</p> <p class="lefttext"><img src="../img/all_arr_black.gif" width="10" height="10" border="0">la data di rilascio della patente</p> <p class="lefttext"><img src="../img/all_arr_black.gif" width="10" height="10" border="0">la data di scadenza dell'attuale polizza (riportata sul documento di polizza)</p> <p class="lefttext">ricorda che tutte le informazioni richieste sono obbligatorie per il calcolo del premio.</p> <br /> <!-- <p class="helptext"><img src="../img/all_arr_blue.gif" width="10" height="10" border="0"> <a href="tutela_riservatezza_dati_personali.htm" class="staticlink">informativa sul trattamento dei dati personali</a></p> --> <div align="center"> <input class="button" value="chiudi" type="button" onclick="window.close()" ID="CloseButton" NAME="CloseButton"> </div> <td width="10"><img src="../img/spacer.gif" width="10" height="1" border="0" alt=""> <td valign="bottom" colspan="3"> <!-- Begin Footer --> <table width="100%" border="0" cellspacing="0" cellpadding="0" ID="Table3"> <tr height="10"> <td valign="top"><img src="../img/spacer.gif" width="1" height="10" border="0" alt=""> <td bgcolor="#000000" valign="bottom"><img src="../img/spacer.gif" width="100%" height="1" border="0" alt=""> <tr height="30"> 2/11/2009 5:25:05 PM 26/28


Application Data

Application URLs
