OWASP AppSec Asia 2008: Proxy Caches and Web Application Security
Tim Bass
10-03-2008 04:05 AM
Back to travelling a bit, I have accepted an invitation from Wayne Huang, Chapter Leader, OWASP Taiwan, to give the following presentation at OWASP AppSec Asia 2008, October 27 - 28, 2008, in Taipei:
Proxy Caches and Web Application Security
Abstract: Proxy caches, combined with poorly written session management code, can easily lead to serious Internet security breaches. Web application developers cannot know whether their content is consumed directly or via a proxy cache. Developers cannot assume that the HTTP responses will be delivered to the intended browser. Moreover, developers cannot be sure that the intended browser even receives the intended content. Consequently, proxy caches are a serious threat to web application security. In the presentation, we will discuss the recent security breach Tim found in Google Docs and review web application security and session management topics related to proxy caching.
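The risk named in the abstract can be audited from response headers alone. The following is an added example, not code from the talk or from the original post: a simplified reading of the RFC 9111 shared-cache rules that flags responses which set a cookie yet remain storable by a proxy cache. The function names, verdict labels and sample response are constructed for illustration, and the check assumes responses carry a Date header.

```python
from email.utils import parsedate_to_datetime
# Status codes a cache may store without explicit freshness (RFC 9110, 15.1)
HEURISTIC_STATUS = {200, 203, 204, 206, 300, 301, 308, 404, 405, 410, 414, 501}

def parse_cache_control(value):
    """Return {directive: argument or None}, directive names lower-cased."""
    out = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            out[name.strip().lower()] = arg.strip().strip('"') or None
    return out

def explicit_lifetime(cc, h):
    """Seconds a shared cache may treat the response as fresh, or None if unstated."""
    for directive in ("s-maxage", "max-age"):      # s-maxage wins for shared caches
        if directive in cc:
            return int(cc[directive]) if (cc[directive] or "").isdigit() else 0
    if "expires" in h:
        try:
            return (parsedate_to_datetime(h["expires"][-1])
                    - parsedate_to_datetime(h["date"][0])).total_seconds()
        except (KeyError, TypeError, ValueError):
            return 0        # unusable Expires (or no Date, by assumption) = expired
    return None

def shared_cache_verdict(status, headers):
    """Classify a response as 'ok', 'revalidate', 'heuristic' or 'explicit'."""
    h = {}
    for name, value in headers:                    # headers: list of (name, value)
        h.setdefault(name.lower(), []).append(value)
    if "set-cookie" not in h:
        return "ok"                                # no session cookie to leak
    cc = parse_cache_control(",".join(h.get("cache-control", [])))
    if "no-store" in cc or "private" in cc:
        return "ok"                                # shared caches must not store it
    life = explicit_lifetime(cc, h)
    if "no-cache" in cc or (life is not None and life <= 0):
        return "revalidate"                        # stored, but checked with origin first
    if life is not None:
        return "explicit"                          # proxy may replay it to other users
    if "public" in cc or status in HEURISTIC_STATUS:
        return "heuristic"                         # proxy picks its own lifetime
    return "ok"

# Constructed sample response (not captured traffic)
SAMPLE = (200, [("Set-Cookie", "SID=constructed; Path=/"), ("Content-Type", "text/html")])
if __name__ == "__main__":
    print(shared_cache_verdict(*SAMPLE))
```

Any verdict other than 'ok' on a response that sets a session cookie is worth fixing at the origin with `Cache-Control: no-store` or `private`.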
Net::Proxy::Connector::connect(3pm) User Contributed Perl Documentation Net::Proxy::Connector::connect(3pm)
NAME
Net::Proxy::Connector::connect - Create CONNECT tunnels through HTTP proxies
SYNOPSIS
    # sample proxy using Net::Proxy::Connector::tcp
    # and Net::Proxy::Connector::connect
    use Net::Proxy;

    # listen on localhost:6789
    # and proxy to remotehost:9876 through proxy.company.com:8080
    # using the given credentials
    my $proxy = Net::Proxy->new(
        in  => { type => 'tcp', port => '6789' },
        out => {
            type        => 'connect',
            host        => 'remotehost',
            port        => '9876',
            proxy_host  => 'proxy.company.com',
            proxy_port  => '8080',
            proxy_user  => 'jrandom',
            proxy_pass  => 's3kr3t',
            proxy_agent => 'Mozilla/4.04 (X11; I; SunOS 5.4 sun4m)',
        },
    );
    $proxy->register();

    Net::Proxy->mainloop();
DESCRIPTION
"Net::Proxy::Connector::connect" is a "Net::Proxy::Connector" that uses the HTTP CONNECT method to ask the proxy to create a tunnel to an
outside server.
Be aware that some proxies are set up to deny the creation of some outside tunnels (either to ports other than 443 or outside a specified
set of outside hosts).
This connector is only an "out" connector.
CONNECTOR OPTIONS
"Net::Proxy::Connector::connect" accepts the following options:
"out"
o host
The destination host.
o port
The destination port.
o proxy_host
The web proxy name or address.
o proxy_port
The web proxy port.
o proxy_user
The authentication username for the proxy.
o proxy_pass
The authentication password for the proxy.
o proxy_agent
The user-agent string to use when connecting to the proxy.
AUTHOR
Philippe 'BooK' Bruhat, "<book@cpan.org>".
BUGS
All the authentication schemes supported by "LWP::UserAgent" should be supported (we use an "LWP::UserAgent" internally to contact the
proxy).
This means we should also support NTLM, since it is supported as from "libwww-perl" 5.66. "Net::Proxy::Connector::connect" has not been
actually tested with NTLM, though. Any report of success or failure with an NTLM proxy will be appreciated.
HISTORY
This module is based on my script "connect-tunnel", that provided a command-line interface to create tunnels through HTTP proxies. It was
first published on CPAN in March 2003.
A better version of "connect-tunnel" (using "Net::Proxy") is provided in this distribution.
COPYRIGHT
Copyright 2006 Philippe 'BooK' Bruhat, All Rights Reserved.
LICENSE
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
perl v5.10.1 2009-10-18 Net::Proxy::Connector::connect(3pm)