Blocking malicious URLs

Monday, 4 August 2003, 12:17 AM EST

Many years ago, Tim Berners-Lee, father of the World Wide Web, spoke at a conference. His message was that URLs that users could decipher were a bad idea. Web applications should employ URLs that are deliberately complex—black boxes for which only the Web server has a key. That way, programmers could ensure and control the user experience.

This makes sense from a security perspective as well: Apart from exposing the underlying logic of Web applications in a way that invites exploits like SQL injection, easily apprehended URLs facilitate attacks based on legal but malicious HTTP requests designed to break a server. Many exploits on many Web servers—most often Microsoft IIS—have been based on URLs that were technically legal but employed buffer overflows or similar techniques.

[ Read more ]




Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //