search for: webappsec

Displaying 2 results from an estimated 2 matches for "webappsec".

2011 Feb 09
2
CSRF Protection Bypass in Ruby on Rails - I don't get it ...
Hi all, My team and I are finding ourselves a little in the dark about the "CSRF Protection Bypass in Ruby on Rails" vulnerability that was announced yesterday - http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails 1. Where is the complete Advisory? The Impact section is very unclear. Looking at the comment in the 2.3 patch mentions "Flash animations and
2009 May 21
0
"HTTP Parameter Pollution" and Rails
Today there was a posting by Stefano di Paola to the Web Security Mailing List, http://www.webappsec.org/lists/websecurity, about "HTTP Parameter Pollution", with a reference to his and Luca Carettoni's presentation at http://www.owasp.org/images/b/ba/AppsecEU09_CarettoniDiPaola_v0.8.pdf. The point is that different web servers/backends behave differently when handling requests such a...