dfm covers
 
 

Fuzzing Risks for Rich HTML Applications

Written by DFMag


Fuzzing Risks for Rich HTML Applications

A recent research project showed that it was possible to shift money from bank accounts to multiple others in other banks by simply tampering the form scanner parameters on one account. The exploitation demonstrated the vulnerability of online banking sites when rich html applications are used to enhance the customer experience and insuffi cient care is taken to harden the site. The attack is commonly known as a cross-site scripting (XSS) attack and relies on session hijacking between the client side technologies and the server side services. The break is exploited in various ways to change the instructions and to circumvent a number of security features including one-time passwords (OTP).




Find out more - subscribe to DFM today and read the full article. Or if you're a subscriber, login and read the article online.


 
Please make cache directory writable.
 

Submit an Article

Call for Articles

We are keen to publish new articles from all aspects of digital forensics. Click to contact us with your completed article or article ideas.

Featured Book

Learning iOS Forensics

A practical hands-on guide to acquire and analyse iOS devices with the latest forensic techniques and tools.

Meet the Authors

Scott C. Zimmerman

Scott C. Zimmerman is a CISSP qualified Information Security consultant and presenter

 

Coming up in the Next issue of Digital Forensics Magazine

Coming up in Issue 29 on sale from November 2016:


Penetration Testing Tutorials
Andy Swift will be continuing his series on penetration testing, sheding some light on techniques that can be combined with basic tools to take an ordinary attack that few steps further. Read More »

Recent Advances in Forensic Radiology
This article describes all the recent advancements done till now in the field of forensic radiology.. Read More »

Subscribe today


Forensic approach to ATM fraud
This article gives an overview of the techniques used by ATM attackers as well as the types of threats and challenges the forensics examiner faces in investigating skimming devices. Read More »

Every Issue
Plus the usual Competition, Book Reviews, 360, IRQ, Legal

Click here to read more about the next issue