I published the following diary on isc.sans.org: “HTTP Headers… the Achilles’ heel of many applications“.
When browsing a target web application, a pentester is looking for all “entry†or “injection†points present in the pages. Everybody knows that a static website with pure HTML code is less juicy compared to a website with many forms and gadgets where visitors may interact with it. Classic vulnerabilities (XSS, SQLi) are based on the user input that is abused to send unexpected data to the server… [Read more]
One comment