From: RayLopez99 on
I am doing programming stuff with SOAP web services via Silverlight.
A database is also involved (Microsoft SQL Server). I'd like to know
if somehow somebody can take my app and somehow redirect it so it
takes a user to some malware site and/or steals the data that comes
from the web services server. If that makes sense. The URL is http,
not https.

I really don't know much about this topic, but I can't off the top of
my head figure out how somebody would do a redirect, since I own the
web services server, and the user would be getting web services data
from my server through my Silverlight app residing on the server.

But I notice that some IDEs and programming languages talk about "anti-
spoofing" measures so I assume it must somehow be possible, akin to a
SQL Injection attack popular a decade ago.

How is it done? Please explain.

RL
From: Sharky on
RayLopez99 wrote:

>I am doing programming stuff with SOAP web services via Silverlight.
>A database is also involved (Microsoft SQL Server). I'd like to know
>if somehow somebody can take my app and somehow redirect it so it
>takes a user to some malware site and/or steals the data that comes
>from the web services server. If that makes sense. The URL is http,
>not https.
>
>I really don't know much about this topic, but I can't off the top of
>my head figure out how somebody would do a redirect, since I own the
>web services server, and the user would be getting web services data
>from my server through my Silverlight app residing on the server.
>
>But I notice that some IDEs and programming languages talk about "anti-
>spoofing" measures so I assume it must somehow be possible, akin to a
>SQL Injection attack popular a decade ago.
>
>How is it done? Please explain.
>
>RL

RTFM http://www.owasp.org/index.php/Main_Page
From: RayLopez99 on
On Aug 12, 5:16 am, Sharky <sha...(a)hellsgates.cor> wrote:
> RayLopez99 wrote:
>
> >How is it done?  Please explain.
>
> >RL
>
> RTFM http://www.owasp.org/index.php/Main_Page

I take it you are a member. Can you please post the question above at
the OWASP forum, and let me know what they say? I don't want to spend
$50, the membership fee, to find out... <g>.

Thanks,

RL


The Open Web Application Security Project (OWASP) is a 501c3 not-for-
profit worldwide charitable organization focused on improving the
security of application software. Our mission is to make application
security visible, so that people and organizations can make informed
decisions about true application security risks. Everyone is free to
participate in OWASP and all of our materials are available under a
free and open software license.