USE OF MAGIC URLS, PREDICTABLE COOKIES, AND HIDDEN FORM FIELDS


OVERVIEW OF THE SIN

Imagine going to a web site to buy a car at any price you want! This could happen if the web site uses data from a hidden form field to determine the car price. Remember, there’s nothing stopping a user from looking at the source content, and then sending an “updated” form with a massively reduced price (using Perl, for example…
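The pricing flaw described above, shown beside a corrected handler. This is an added example, not code from the book; the field names (`item`, `price`, `qty`), the catalogue contents and the quantity limit are assumptions made for illustration.

```python
from decimal import Decimal
from urllib.parse import parse_qs

# Constructed server-side catalogue: the only trusted source of prices.
CATALOG = {"car-001": Decimal("24999.00"), "car-002": Decimal("31500.00")}
MAX_QTY = 5  # assumed business limit

# Constructed form bodies: what the page rendered, and an edited resubmission.
HONEST = "item=car-001&price=24999.00&qty=1"
TAMPERED = "item=car-001&price=1.00&qty=1"


def _field(form, name):
    """Return the single value of a form field, rejecting absent or repeated ones."""
    values = form.get(name)
    if not values or len(values) != 1:
        raise ValueError(f"missing or repeated field: {name}")
    return values[0]


def order_total_vulnerable(body):
    """Flawed: trusts the hidden 'price' field echoed back by the browser."""
    form = parse_qs(body)
    return Decimal(_field(form, "price")) * int(_field(form, "qty"))


def order_total_hardened(body):
    """Ignores any client-supplied price and looks it up by item id."""
    form = parse_qs(body)
    item = _field(form, "item")
    if item not in CATALOG:
        raise ValueError("unknown item")
    qty_text = _field(form, "qty")
    # Accept plain ASCII digits only, so signs, decimals and exotic digits fail.
    if not (qty_text.isascii() and qty_text.isdigit()):
        raise ValueError("quantity must be a positive integer")
    qty = int(qty_text)
    if not 1 <= qty <= MAX_QTY:
        raise ValueError("quantity out of range")
    return CATALOG[item] * qty


if __name__ == "__main__":
    print("vulnerable:", order_total_vulnerable(TAMPERED))
    print("hardened:  ", order_total_hardened(TAMPERED))
```

The hardened handler treats the hidden field as untrusted input: the item identifier selects the price on the server, so an edited `price` value has no effect on the total.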
Citation
Michael Howard; David LeBlanc; John Viega: 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them. USE OF MAGIC URLS, PREDICTABLE COOKIES, AND HIDDEN FORM FIELDS, Chapter (McGraw-Hill Professional, 2010), AccessEngineering Export