dfm covers
 
 

Fuzzing Risks for Rich HTML Applications

Written by DFMag


Fuzzing Risks for Rich HTML Applications

A recent research project showed that it was possible to shift money from bank accounts to multiple others in other banks by simply tampering the form scanner parameters on one account. The exploitation demonstrated the vulnerability of online banking sites when rich html applications are used to enhance the customer experience and insuffi cient care is taken to harden the site. The attack is commonly known as a cross-site scripting (XSS) attack and relies on session hijacking between the client side technologies and the server side services. The break is exploited in various ways to change the instructions and to circumvent a number of security features including one-time passwords (OTP).




Find out more - subscribe to DFM today and read the full article. Or if you're a subscriber, login and read the article online.


 
Please make cache directory writable.
 

Submit an Article

Call for Articles

We are keen to publish new articles from all aspects of digital forensics. Click to contact us with your completed article or article ideas.

Featured Book

Learning iOS Forensics

A practical hands-on guide to acquire and analyse iOS devices with the latest forensic techniques and tools.

Meet the Authors

Noemi Kuncik

Noemi Kuncik is an IT Forensics Specialist at Grant Thornton

 

Coming up in the Next issue of Digital Forensics Magazine

Coming up in Issue 30 on sale from February 2016:


Human Aspects of Security
This feature article is all about how today’s advanced attacks focus more on exploiting human flaws than system flaws. This article presents original field research using data gathered from products deployed around the world.  Read More »

Recent Advances in Forensic Radiology
This article describes all the recent advancements done till now in the field of forensic radiology.. Read More »

Subscribe today


BitCoin Targeted Phishing
This feature article is all about BitCoin and a Phishing attack. The article will explain what BitCoin is and how this Phishing attack was targeted at BitCoin. Read More »

Every Issue
Plus the usual Competition, Book Reviews, 360, IRQ, Legal

Click here to read more about the next issue