Web Application Security
Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
RE: [WEB SECURITY] Bypassing WAF via HTTP Pollution
Oct 08 2012 09:09PM
Dave Wichers (dave wichers aspectsecurity com)
Regarding combining parameters, ASP and ASP.NET and a couple of others do this by default by creating a comma separated list. This behavior of combining parameters was mentioned in Stefano di Paola and Luca Carettoni's original talk on this topic at OWASP AppSec Poland in 2009. They list which speci...
[ more ]
Copyright 2010, SecurityFocus