search for: webappsec

Hi all, My team and I are finding ourselves a little in the dark about the "CSRF Protection Bypass in Ruby on Rails" vulnerability that was announced yesterday - http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails 1. Where is the complete Advisory? The Impact section is very unclear. Looking at the comment in the 2.3 patch mentions "Flash animations and

Today there was a posting by Stefano di Paola to the Web Security Mailing List, http://www.webappsec.org/lists/websecurity about "HTTP Parameter Pollution", with a reference to his and Luca Carettoni presentation at http://www.owasp.org/images/b/ba/AppsecEU09_CarettoniDiPaola_v0.8.pdf The point is that different web servers/backends behave differently when handling requests such a...