dfm covers
 
 

Fuzzing Risks for Rich HTML Applications

Written by DFMag


Fuzzing Risks for Rich HTML Applications

A recent research project showed that it was possible to shift money from bank accounts to multiple others in other banks by simply tampering the form scanner parameters on one account. The exploitation demonstrated the vulnerability of online banking sites when rich html applications are used to enhance the customer experience and insuffi cient care is taken to harden the site. The attack is commonly known as a cross-site scripting (XSS) attack and relies on session hijacking between the client side technologies and the server side services. The break is exploited in various ways to change the instructions and to circumvent a number of security features including one-time passwords (OTP).




Find out more - subscribe to DFM today and read the full article. Or if you're a subscriber, login and read the article online.


 
 

Submit an Article

Call for Articles

We are keen to publish new articles from all aspects of digital forensics. Click to contact us with your completed article or article ideas.

Featured Book

Cyber Attack, Cyber Crime, Cyber Warfare - Cyber Complacency

Mark Osbourne's latest book covers all things Cyber. All proceeds from the book go to charity.

Meet the Authors

Dr Tim Watson

Dr Tim Watson is the head of the Department of Computer Technology at De Montfort University

 

Coming up in the Next issue of Digital Forensics Magazine

Coming up in Issue 21 on sale from November 2014:


Big Data
Andrew Pimlott examines Big Bata risk, creation of compliance data analytics dashboards, predictability fraud models that help predict fraud, cybercrime analytics and financial services analytics. Read More »

Finding the Relevant Artefact in Visual Content
Jan Willem Klerkx explains how the University of Amsterdam solved the problem of finding artefacts in pictures in an effective way.  Read More »

Subscribe today


Dental Biometrics
Aqsa Ajaz takes a look at Dental biometrics and investigates how it is is used in forensic ontology to identify individuals based on their dental characteristics. Read More »

Every Issue
Plus the usual Competition, Book Reviews, 360, IRQ, Legal

Click here to read more about the next issue