Palisade Magazine

August 2006

Session Riding Attacks

by Balaji V

A session riding attack (also called a Cross-Site Request Forgery attack) is a technique for spoofing requests on behalf of other users. It lets adversaries forge online transactions, modify user details and siphon off funds. And that’s only the beginning. In this article, we show how the attack works and the defenses we need to put in place. The key to understanding session riding is cookie-based session management, the most popular form of session management. So, let’s turn to that first.

Anti-Phishing Techniques - Protection Measures

by Jose Varghese, CISSP, GSEC, GCIH, CBCP, BS7799 LA

If you are an Internet Banking user, you are probably already aware of phishing. If you are charged with the responsibility of building and operating an e-commerce application, phishing is probably one of your top 3 concerns. Statistics indicate that more than 1000 phishing attacks are launched every month. To minimize the impact of phishing attacks we need to look at protection, detection and response measures.

Are Complex Passwords Really Necessary?

by Roshen Chandran, CISSP

Why it’s silly to enforce passwords like “2@$Rw0rd~” in web applications. Insist on complex passwords on your Windows LAN, but not in your web applications. In this issue we put complex passwords in perspective. We first discuss how they enhance the security of Windows LANs, and then show why they are less relevant for web apps.

Quiz: Identifying a buffer overflow attack

An attacker enters a long, nasty-looking string into the date field. The input overwrites parts of the running program and executes commands on the server. What type of attack just took place?

  1. SQL Injection attack
  2. Buffer Overflow attack
  3. Cross Site Scripting attack

News & Events

  • 03.03.10. Binu Thomas, CTO Plynt, presented at the RSA Conference 2010 on the topic “Application Security Across the Enterprise: Lessons from the Trenches”. This is the fifth time Paladion has been invited to present here.
  • 25.12.09. Plynt has been selected as a finalist for Red Herring’s Global 100 award, a prestigious list honoring the year’s most promising private technology ventures from around the world.
  • 10.12.09. Deloitte Fast 50 India features Paladion 4 years in a row. The ranking of the 50 fastest growing technology companies places Paladion in the 19th spot.
  • 21.05.09. ICICI Bank and Paladion have been awarded the Best Banking Security Systems Project by the Asian Banker IT Implementation Awards Program.
  • 20.04.09. Info Security Products Guide names the Plynt Certification Program winner of the 2009 Tomorrow’s Technology Today Award.