information-leakage

information-leakage - Devin Biggers and Aaron Smalls What...


Devin Biggers and Aaron Smalls

- What is Information Leakage?
- Detection
- Prevention
- Protection

"Information Leakage is an application weakness where an application reveals sensitive data, such as technical details of the web application, environment, or user-specific data."
- The Web Application Security Consortium

- Insufficient Censorship
- Improper Application or Server Configurations
- Missing Catch Block
- Dangerous Application Responses

Bad Practice! Developers leaving comments used for pre-production debugging in the public release of the program

What could be at risk
- Server directory structures
- SQL query structure
- Internal network structure

    <TABLE border="0" cellPadding="0" cellSpacing="0" height="59" width="591">
    <TBODY>
    <TR>
    <!--If the image files fail to load, check/restart 192.168.0.110 -->
    <TD bgColor="#ffffff" colSpan="5" height="17" width="587"> </TD>
    </TR>

How does this happen?
- Software version numbers
- Elaborate error messages

What could be at risk?...
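A detection check for the leak in the table fragment above, as an added example that is not part of the original slides: it walks the HTML comments in a page and flags non-public IP addresses and debugging keywords. The keyword list and the names `CommentAuditor` and `audit_html` are assumptions made for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")  # candidates, validated below
# Assumed keyword list for debugging leftovers; tune it for your own code base.
DEBUG_RE = re.compile(r"\b(todo|fixme|debug|password|restart)\b", re.I)


class CommentAuditor(HTMLParser):
    """Collects HTML comments that leak internal details."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line_number, reason, comment_text)

    def handle_comment(self, data):
        line, _ = self.getpos()  # position where the comment starts
        text = " ".join(data.split())
        for candidate in IPV4_RE.findall(text):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # not a valid address, e.g. 999.1.1.1
            if addr.is_private:
                self.findings.append((line, f"private address {addr}", text))
        if DEBUG_RE.search(text):
            self.findings.append((line, "debugging keyword", text))


def audit_html(markup):
    auditor = CommentAuditor()
    auditor.feed(markup)
    auditor.close()
    return auditor.findings


# Fragment from the slides (height quote repaired) plus one constructed harmless comment.
SAMPLE = """<TABLE border="0" cellPadding="0" cellSpacing="0" height="59" width="591">
<TBODY>
<TR>
<!--If the image files fail to load, check/restart 192.168.0.110 -->
<TD bgColor="#ffffff" colSpan="5" height="17" width="587"> </TD>
</TR>
<!-- layout row -->
"""

if __name__ == "__main__":
    for line, reason, text in audit_html(SAMPLE):
        print(f"line {line}: {reason}: {text}")
```

Run over rendered responses or built templates before release, a check like this catches pre-production comments while they can still be stripped from the public build.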