WASP and download the different security
scanners
and scan for the security loopholes.
Best Regards
Vishnu NV
-Original Message-
From: Rahul Mohan [mailto:rahul.mo...@tcs.com]
Sent: Thursday, June 03, 2010 8:44 AM
To: Struts Users Mailing List
Subject: Re: Encrypting parameters
Hi,
r is that it can't be viewed by the
>>> user
>>> >> in the url. But an attacker can still edit the header and attack the
>>> >> application without much trouble.
>>> >>
>>> >> To improve security you can validate the parameter proper
y the
>> user
>> >> in the url. But an attacker can still edit the header and attack the
>> >> application without much trouble.
>> >>
>> >> To improve security you can validate the parameter properly where you
>> >> receive the parameter
ly where you
> >> receive the parameter. For example number only or does not contain
> invalid
> >> characters in string for eg, <,>,_ ,/, etc like that.
> >>
> >> Another good thing will be to implement SSL.
> >>
> >> Now you can also go to OWASP
>
>> Best Regards
>> Vishnu NV
>>
>> -Original Message-
>> From: Rahul Mohan [mailto:rahul.mo...@tcs.com]
>> Sent: Thursday, June 03, 2010 8:44 AM
>> To: Struts Users Mailing List
>> Subject: Re: Encrypting parameters
>>
>> Hi,
>>
>
> From: Rahul Mohan [mailto:rahul.mo...@tcs.com]
> Sent: Thursday, June 03, 2010 8:44 AM
> To: Struts Users Mailing List
> Subject: Re: Encrypting parameters
>
> Hi,
>
> I don't think it's a good idea to expose the URLs to the users in a secure
> application. Avoid GET
---Original Message-
From: Rahul Mohan [mailto:rahul.mo...@tcs.com]
Sent: Thursday, June 03, 2010 8:44 AM
To: Struts Users Mailing List
Subject: Re: Encrypting parameters
Hi,
I don't think it's a good idea to expose the URLs to the users in a secure
application. Avoid GET requests and sti
Hi,
I don't think it's a good idea to expose the URLs to the users in a secure
application. Avoid GET requests and stick to POST. Also, sticking to
request forwarding instead of redirects will keep the URL fixed on the
browser's address bar. You might have some issues with back button because
o
On 6/2/10 11:22 PM, Stephane Cosmeur wrote:
I would like to improve the security of my web application. My problem is I
would like to encrypt the visible parameters in the URL to prevent the user from
changing them to access data he should not see.
No amount of obfuscation can prevent someone from eventu