TC-Cause-View-Alpha

Page history last edited by Robert Auger 14 years, 4 months ago

Comments (2)

Robert Auger said

at 10:44 am on Dec 14, 2009

a) That will be hard to visualize as you speak. I think outlining each attack/weakness in 1 row each, and a column per development phase, may be how we would need to implement it.
b) I'm leaning that way as well.
c) Fingerprinting is missing from this view as it is a complex beast with no root solution/location.
d) The path traversal section does in fact cover both app-level and server-level traversal attacks. However, the scope of this particular view will not outline servers that are improperly patched. For example, the Code Red Unicode bug is an example of a traversal attack; however, it has been fixed and a patch exists. If you have a specific configuration example allowing for traversal, please let me know and we can discuss/review it.
e) I agree, changed.

Colin Watson said

at 2:49 am on Dec 14, 2009

I like this idea of views.

a) Could this view be laid out in a four-column table instead, with all the attacks and weaknesses in the first column, and then a column for each phase, so that it is immediately apparent which issues apply to more than one phase?

b) I prefer "Development Phase View" to "Root Cause".

c) Is "Fingerprinting" missing from Deployment?

d) Should "Path Traversal" also be in Deployment, since configuration can affect the success of this attack?

e) I'm not sure, but would "Design" be a better heading than "Requirements"?
