Hacking web apps


At JavaPolis 2004, Erwin Geirnaert gave a very nice presentation on hacking web applications. He gives an overview of how this can be achieved and then shows some very nice examples for WebSphere and WebLogic. But my favorite is the website where he only changes the parameter patientId=12345 to patientId=* and gets the data of all patients. It is stunning to see how easy it can be to actually get access to the server itself or to retrieve confidential information, and it should be a warning to all application server administrators and web developers. The presentation can be viewed online.
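A defensive sketch of the patientId case above, added here as an illustration and not taken from the presentation or from the site it showed. The page does not say how that site queried its data, so the pattern-matching lookup, the table layout, the `assignments` table and all function names are assumptions, and the rows are constructed sample data.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data: three patients, and which clinician treats whom.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE patients (patient_id TEXT PRIMARY KEY, name TEXT);
        CREATE TABLE assignments (clinician TEXT, patient_id TEXT);
        INSERT INTO patients VALUES
            ('12345', 'A. Example'), ('12346', 'B. Example'), ('20001', 'C. Example');
        INSERT INTO assignments VALUES
            ('dr_a', '12345'), ('dr_b', '12346'), ('dr_b', '20001');
    """)
    return db

def lookup_weak(db, patient_id):
    # Assumed flaw: the raw parameter is used as a match pattern, so '*'
    # matches every row, and the result is never tied to the logged-in user.
    return db.execute(
        "SELECT patient_id, name FROM patients WHERE patient_id GLOB ?",
        (patient_id,),
    ).fetchall()

ID_RE = re.compile(r"[0-9]{1,10}")  # assumed ID format: 1-10 ASCII digits

def lookup_hardened(db, clinician, patient_id):
    # 1. Allow-list the format; fullmatch rejects '*', '%', spaces and newlines.
    if not isinstance(patient_id, str) or not ID_RE.fullmatch(patient_id):
        raise ValueError("invalid patientId")
    # 2. Exact equality on a bound parameter, never a pattern match.
    # 3. Authorisation in the query itself: only the caller's own patients.
    return db.execute(
        "SELECT p.patient_id, p.name FROM patients p "
        "JOIN assignments a ON a.patient_id = p.patient_id "
        "WHERE p.patient_id = ? AND a.clinician = ?",
        (patient_id, clinician),
    ).fetchone()  # None for both "no such patient" and "not yours"

if __name__ == "__main__":
    db = make_db()
    print("weak, patientId=*      ->", len(lookup_weak(db, "*")), "rows")
    print("hardened, own patient  ->", lookup_hardened(db, "dr_a", "12345"))
    print("hardened, other's      ->", lookup_hardened(db, "dr_a", "12346"))
    try:
        lookup_hardened(db, "dr_a", "*")
    except ValueError as exc:
        print("hardened, patientId=*  ->", exc)
```

The weak lookup already uses a bound parameter, which shows that parameterisation alone does not stop a wildcard value; the format check and the per-user join are what close the gap.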


About Author

Aino Andriessen is a consultant on Enterprise Java, ADF, PL/SQL, XML, and SOA development and is Expertise Lead on Application Lifecycle Management (ALM). He has a strong interest in ADF, SOA, Maven, architecture, quality management, delivery and application lifecycle management. Aino publishes on the AMIS technology blog and has been a presenter at the ODTUG Kaleidoscope, Oracle Open World and UKOUG TechEbs.
