Security

OWASP Top Ten Project 2013 No 8 – Cross-Site Request Forgery (CSRF)

Jens Kleinschmidt 2017-01-23 Blog, Security

In order to counter a CSRF attack, the strategy proven most effective is the synchronizer token pattern. In the absence of an attack it works as follows: Presented with a request from an authorized user, the web application generates a cryptographically

OWASP Top Ten Project 2013 No 9 – Using Components with Known Vulnerabilities

Jens Kleinschmidt 2017-01-16 Blog, Security

Intershop updates components and libraries with every major and some minor releases, closing potential security leaks by the updated components and libraries. The Intershop Support department informs about important security updates via newsletter security bulletin that is regularly sent to

OWASP Top Ten Project 2013 No 10 – Unvalidated Redirects and Forwards

Jens Kleinschmidt 2017-01-09 Blog, Security

Intershop internally implements redirects as countermeasure for ‘login via back button’ vulnerability. But the Redirect pipeline’s start node Start has the call mode set as private, and thus cannot be called directly with an HTTP request. Intershop recommends to generally

OWASP Top Ten Project 2013

Jens Kleinschmidt 2017-01-092017-03-14 Blog, Security

In the forthcoming weeks I’ll address the top ten from the Open Web Application Security Project (OWASP) with Intershop Commerce Management from 2013 as the update of 2016 will take a little bit longer. As soon as the update comes out

Security

OWASP Top Ten Project 2013 No 8 – Cross-Site Request Forgery (CSRF)

OWASP Top Ten Project 2013 No 9 – Using Components with Known Vulnerabilities

OWASP Top Ten Project 2013 No 10 – Unvalidated Redirects and Forwards

OWASP Top Ten Project 2013

Recent Posts

Tags