Network Computing is part of the Informa Tech Division of Informa PLC

Proxies Add a Protective Shield: Page 11 of 22

Forceful browsing: Making a request to a nonpublic directory to get a directory listing of contents. Our /inc/ directory on the server contained sensitive logic scripts.

Username/password SQL tampering: Attempting to log into the application by submitting a password that manipulates the SQL query into providing access for any valid user name, without needing the appropriate password.

Hidden-field price manipulation: The price of an item is passed to the shopping cart as a hidden form parameter; by changing the hidden value, we could change the price we were charged for the item.

URL query SQL manipulation: Manipulation of a URL query parameter to cause a SELECT/LIKE statement to display additional data.

PHP multipart DoS (CVE-2002-0081): Certain versions of PHP contain buffer overflows, as well as denial-of-service flaws, in the multipart file upload code. By sending multipart upload data with a malformed Content-Disposition header, we could cause PHP (and thus the Apache child process) to crash.
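A server-side check for the hidden-field price manipulation item above, as an added example that is not code from the original article or from the application it tested: the hidden fields are signed when the form is rendered, and a post whose fields no longer match the signature is rejected. The key, catalog, session ids and function names are assumptions made for illustration.

```python
import hashlib
import hmac
from decimal import Decimal

# Assumptions for this example: a per-deployment secret and a tiny constructed catalog.
SECRET_KEY = b"constructed-demo-key"
CATALOG = {"sku-1001": Decimal("19.99"), "sku-2002": Decimal("249.00")}


def sign_fields(session_id, sku, price):
    """MAC over the session and the hidden values, so a copied form is useless elsewhere."""
    msg = "\x1f".join((session_id, sku, str(price))).encode("utf-8")
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def render_hidden_fields(session_id, sku):
    """Values the server would emit as hidden <input> fields for one cart item."""
    price = CATALOG[sku]
    return {"sku": sku, "price": str(price), "mac": sign_fields(session_id, sku, price)}


def accept_cart_post(session_id, form):
    """Validate a posted cart form. Returns (ok, reason, price_to_charge)."""
    sku = str(form.get("sku", ""))
    price = str(form.get("price", ""))
    mac = str(form.get("mac", ""))
    expected = sign_fields(session_id, sku, price)
    # Compare as bytes: compare_digest raises TypeError on non-ASCII str input.
    if not hmac.compare_digest(expected.encode("utf-8"), mac.encode("utf-8")):
        return (False, "hidden field modified", None)
    if sku not in CATALOG:
        return (False, "unknown item", None)
    # Even with a valid MAC, charge the catalog price, never the posted one.
    return (True, "ok", CATALOG[sku])


if __name__ == "__main__":
    form = render_hidden_fields("sess-A", "sku-1001")
    print(accept_cart_post("sess-A", form))
    print(accept_cart_post("sess-A", dict(form, price="0.01")))
```

The MAC detects a changed hidden value, while charging from the catalog means the posted price is never trusted even when the signature is valid.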