> Thanks for the kind words on the talk..
> If you check out the visio at:
> http://www.sensepost.com/blogstatic/2007/08/dxsrt.png you will see that
> it's pretty much the same attack..
Ah, I hadn't actually seen the visio slides. Do you have a link to them? I can't traverse upwards and would love to link this.
> In a shameless display of self-pimpage, check out the paper
> from page 12.. Figure 23 for example shows the results in a
I actually hadn't read this, but I will now :)
You don't outline explicitly brute forcing in this text just to identify if a user is logged in or not (which your talk is referenced) and some of the issues related to doing it.
I'll update the post with a reference to your great read :)