dfm covers
 
 

Fuzzing Risks for Rich HTML Applications

Written by DFMag


Fuzzing Risks for Rich HTML Applications

A recent research project showed that it was possible to shift money from bank accounts to multiple others in other banks by simply tampering the form scanner parameters on one account. The exploitation demonstrated the vulnerability of online banking sites when rich html applications are used to enhance the customer experience and insuffi cient care is taken to harden the site. The attack is commonly known as a cross-site scripting (XSS) attack and relies on session hijacking between the client side technologies and the server side services. The break is exploited in various ways to change the instructions and to circumvent a number of security features including one-time passwords (OTP).




Find out more - subscribe to DFM today and read the full article. Or if you're a subscriber, login and read the article online.


 
 

Submit an Article

Call for Articles

We are keen to publish new articles from all aspects of digital forensics. Click to contact us with your completed article or article ideas.

Featured Book

Cyber Attack, Cyber Crime, Cyber Warfare - Cyber Complacency

Mark Osbourne's latest book covers all things Cyber. All proceeds from the book go to charity.

Meet the Authors

Angus Marshall

Angus Marshall is an independent digital forensic practitioner, author and researcher

 

Coming up in the Next issue of Digital Forensics Magazine

Coming up in Issue 19 on sale from May 2014:


Big Data
Andrew Pimlott and his team at EY take a look at Big Bata risk, the creation of compliance data analytics dashboards, predictability fraud models that help predict fraud, cybercrime analytics and financial services analytics. Read More »

The Roboto Project
Jonathan Rajewski continues his look at Google Glass and the Forensic Analysis of this exciting new technology. The potential uses for this technology are significant and as such will have a plethora of artefacts for potential evidential purposes. Read More »

Subscribe today


Dental Biometrics
Aqsa Ajaz takes a look at Dental biometrics and investigates how it is is used in forensic odontology to identify individuals based on their dental characteristics. Read More »

Every Issue
Plus the usual Competition, Book Reviews, 360, IRQ, Legal

Click here to read more about the next issue