Information Leakage

Devin Biggers and Aaron Smalls

What is Information Leakage?
- Detection
- Prevention
- Protection
“Information Leakage is an application weakness where an application reveals sensitive data, such as technical details of the web application, environment, or user-specific data.”
– The Web Application Security Consortium

- Insufficient Censorship
- Improper Application or Server Configurations
- Missing Catch Block
- Dangerous Application Responses
Bad Practice!
Developers leaving comments used for pre-production debugging in the public release of the program
What could be at risk?
- Server directory structures
- SQL query structure
- Internal network structure

<TABLE border="0" cellPadding="0" cellSpacing="0" height="59" width="591">
  <TBODY>
    <TR>
      <!--If the image files fail to load, check/restart 192.168.0.110 -->
      <TD bgColor="#ffffff" colSpan="5" height="17" width="587"> </TD>
    </TR>
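The comment in the markup above hands an internal address to anyone who views the page source. One way to catch this before release, as an added example that is not part of the original slides: a Python audit of HTML comments for the three risks listed on the previous slide. The regex heuristics, the `audit_html` name and the sample markup are assumptions constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser

# Heuristic patterns (assumptions for this example), one per risk the slide lists.
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
PATH = re.compile(r"(?:[A-Za-z]:\\[\w.\\-]+|/(?:var|etc|home|usr|opt|srv)/[\w./-]+)")
SQL = re.compile(r"\b(?:SELECT\s.+?\sFROM|INSERT\s+INTO|UPDATE\s.+?\sSET|DELETE\s+FROM)\b",
                 re.I | re.S)

# Constructed sample: the slide's comment plus one hypothetical debug comment.
SAMPLE = """<TABLE border="0">
<TBODY> <TR>
<!--If the image files fail to load, check/restart 192.168.0.110 -->
<TD>Status page mirrors 8.8.8.8</TD>
<!-- debug: SELECT name, email FROM users WHERE id = ? ; logs in /var/www/app/logs -->
</TR>
"""

class CommentAuditor(HTMLParser):
    """Inspects HTML comments only; visible text and attributes are ignored."""
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, category, matched text)

    def handle_comment(self, data):
        line = self.getpos()[0]  # line where the comment starts
        for m in IPV4.finditer(data):
            try:
                addr = ipaddress.ip_address(m.group())
            except ValueError:
                continue  # dotted number that is not a valid address
            if addr.is_private:  # RFC 1918, loopback and similar ranges
                self.findings.append((line, "internal-network", m.group()))
        for m in PATH.finditer(data):
            self.findings.append((line, "directory-structure", m.group()))
        for m in SQL.finditer(data):
            self.findings.append((line, "sql-structure", " ".join(m.group().split())))

def audit_html(markup):
    """Return every finding from the comments in one HTML document."""
    auditor = CommentAuditor()
    auditor.feed(markup)
    auditor.close()
    return auditor.findings

if __name__ == "__main__":
    for finding in audit_html(SAMPLE):
        print(finding)
```

Run against rendered output in a build or CI step, a non-empty result is a reason to strip comments before the page ships.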
How does this happen?
- Software version numbers
- Elaborate error messages
What could be at risk?