Displaying 2 results from an estimated 2 matches for "webappsec".
2011 Feb 09
2
CSRF Protection Bypass in Ruby on Rails - I don't get it ...
Hi all,
My team and I are finding ourselves a little in the dark about the
"CSRF Protection Bypass in Ruby on Rails" vulnerability that was
announced yesterday - http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails
1. Where is the complete Advisory? The Impact section is very unclear.
Looking at the comment in the 2.3 patch mentions "Flash animations and
2009 May 21
0
"HTTP Parameter Pollution" and Rails
Today there was a posting by Stefano di Paola to the Web Security
Mailing List,
http://www.webappsec.org/lists/websecurity
about "HTTP Parameter Pollution", with a reference to his and Luca
Carettoni's presentation at
http://www.owasp.org/images/b/ba/AppsecEU09_CarettoniDiPaola_v0.8.pdf
The point is that different web servers/backends behave differently when
handling requests such a...