SEARCH RESULTS
 
Showing 1-2 of 2 records

DWR 2.0.5 Fixes XSS Vulnerability

2008-06-30 03:04:21 by Chris Eng in Zero in a bit
 
...DWR's Ajax implementation, download and install this update now. As an aside, I've been a fan of DWR for a while now, not only because of its ease of integration but also because it was the first Ajax framework to offer built-in CSRF protection. You could tell that Joe Walker was taking security seriously. For this particular vulnerability, I...

Minimizing the Attack Surface, Part 2

2008-07-07 21:10:25 by Chris Eng in Zero in a bit
 
...DWR's full functionality; specifically, we interact with it using the plaincall method only, so we made sure that the features we didn't need were disabled via the configuration file. As it turned out, there were vulnerable code paths prior to the "do you have this thing disabled" check. In hindsight, if we had taken more time to understand the...
SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia