Hacking web apps

0 0

On JavaPolis 2004 Erwin Geirnaert did a very nice presentation on hacking Web Applications. He gives an overview of how this can be achieved and then he gives some very nice examples for WebSphere and Weblogic. But my favorite is the website where he only changes the parameter patientId=12345 to patientId=* and gets the data of all patients. It is stunning to see how easy it can be to actually get access to the server itself or to retrieve confidential information and it should be a warning to all application server administrators and web developers. The presentation can be viewed on line.

About Post Author

Aino Andriessen

Aino Andriessen is principal consultant and expertise lead 'Continuous Delivery'. His focus is on Oracle Fusion Middleware ADF and SOA development, Continuous Delivery, architecture, improving the software development proces and quality management. He is a frequent presenter at Oracle Open World, ODTUG Kaleidoscope, UKOUG Technology Conference and OUGN Vårseminar. He writes articles and publishes at the AMIS technology blog (http://technology.amis.nl/blog/).

aino.andriessen@amis.nl

Happy

0 0 %

Sad

0 0 %

Excited

0 0 %

Sleepy

0 0 %

Angry

0 0 %

Surprise

0 0 %

Related posts:

Apache MyFaces (open source JSF implementation) – Using the Tree2 Component with JDeveloper 10.1.3 Unit testing Javascripts in Java 6 – Getting started with the javax.script api Apache My Faces Trinidad: triggering Partial Page Refresh ("AJAX") from non Trinidad components JavaOne 2008: OpenSSO – creating federated relationships for secure SaaS, Social Networking and Web 2.0 Dinsdag 18 september: Oracle Open World & JavaOne 2012 Preview mini-conferenties – 12 presentaties op 1 avond