Application Worms
OWASP 2005
Matt Fisher, Sr. Engineer
SPI Dynamics
OWASP AppSec DC, October 2005. The OWASP Foundation, http://www.owasp.org/
Happy Anniversary!
Non-Public Systems
Intranets, access-restricted extranets, web services
Search-operator callouts (recovered from slide layout):
- Restricts search terms to the URL itself (buggy)
- Want the source to be external; not on the same site
- Want the source to be specified in the site qualifier
- Further client
- Depends on what you're interested in!
Everyone Thought We Were Crazy ....
Turns ' into \'
URL-encoded characters
PHP fwrite command
PHP fopen command
viewtopic by itself could be anything. Add phpBB's footer and it's more accurate.
Remedial action suggested to immediate users of the software was to remove the "URLDECODE".
Lifecycle diagram (recovered from slide layout):
- Security applies patches or tweaks configuration
- Customer performs any missing acceptance testing
- Security discovers application vulnerabilities
- Deployment begins

Roles by phase:
- Audit: Auditors, Compliance, and Business Subject Matter Experts (SME)
- Development (Dev): Developers
- Production: Security, Operations
- QA: QA and Developers and Auditors
Matt Fisher
mfisher@spidynamics.com
240.463.9030