Get the latest Web technologies news and inside information. The faresweb.net team brings you the greatest and hottest tech news, reviews, tips and editorials from around the world.
Behind the barbaric-sounding word (pronounced "Sea Surf") hides a very real attack vector, one that is easier to exploit than XSS (and one does not exclude the other). CSRF is about abusing the site's trust in its users, and it is a concern that any developer / architect... must keep in mind at all times.
A CSRF is an attack that forces a user to send requests to a victim site without his knowledge. Typically, the more elevated the privileges these users hold on the victim site, the greater the damage. It is harder to detect because the requests look perfectly legitimate.
Cross-site scripting (abbreviated XSS to avoid confusion with CSS) is one of the most common attacks on the Internet today. It is about manipulating a private user's data without his knowledge.
Many web applications use a session to provide a customizable environment and to track user activity. As HTTP is defined as a stateless protocol, it is theoretically impossible for HTTP to "remember" actions or a person, since each HTTP request is completely independent of every other.
Today, more and more individuals and companies are attracted by the price of the "cloud". Let us understand the reasons for shared hosting's popularity before analyzing the underlying threats to site security.
A web user's activity is organized across multiple requests into a logical entity, which is made possible by HTTP sessions.
An HTTP session cannot be secured without prior semantic analysis of the code behind each elementary transaction. The HTTP protocol is "stateless": when a user queries the server at one point, the web server has no way to know whether the same user is querying the site again, because HTTP was not designed to keep any state or trace of a transaction.
Each request is a single entity, and requests are all independent of one another. For a web application, a context is created to keep track of the user, whoever he is and wherever he is, while he accesses the web application. This session context has to be secured.