Archive for http

[hackersmag] HTTP Referer Spoofing, don’t get confused, don’t worry, Block or Avoid

Posted in AbhishekKr, security with tags , , , , , , , , on November 19, 2013 by abhishekkr

hackersmag.blogspot.in [30/Oct/2013]

http://hackersmag.blogspot.in/2013/10/http-referer-spoofing-dont-get-confused.html

HTTP Referer?
It’s an optional HTTP Request Header which can be set to URI to inform the WebServer the source URI which led the client to current URI.

Analytics Benefit:
It’s useful for Web content publishers for analysis sake as per which are the web portals that are attractive more visitors to that URI.

Security Benefit:
It has also been seen to be used as an extra layer of check by WebApps to confirm if the requested URI has been accessed via proper channels and respond accordingly.

HTTP Referer Spoofing ?

As other popular spoofing attack this doesn’t involve attacker trying to hide their identity.

…..
…..

Threat ?
There are potential 2 types of threats which arise from it:
…..
….. 
Solution ?
…..
…..
read full blogpost here
Advertisements

[tekwalk] Apache httpd VirtualHosts : one gets default, unknown faults

Posted in Blogroll, tutorial with tags , , , , , , , on April 30, 2013 by abhishekkr

tekwalk.blogspot.com [13/Jan/2013]

http://tekwalk.blogspot.in/2013/01/apache-httpd-virtualhosts-one-gets.html

Recently faced a situation where even after removing a VirtualHost, its ServerName was giving HTTP 200 response. It was all because of missed RTFM agenda.

When VirtualHosts get applied in Apache HTTPD server configuration, the first definition encountered by Apache Controller gets selected as the default route logic selected if the ServerName doesn’t match any provided.

example scripts at https://gist.github.com/abhishekkr/4526414

…click here to read full post

[just.few.tuts] http_voodoo_mongo ~ Remote Control MongoDB over HTTP

Posted in AbhishekKr, tutorial with tags , , , , , , on November 14, 2011 by abhishekkr

@ justfewtuts.blogspot.com [20-October-2011]

http://justfewtuts.blogspot.com/2011/10/httpvoodoomongo-remote-control-your.html

usage: it’s a remote controller for your local/remote MongoDB instances working over an HTTP mocking service
What it consists of?

…..click here to read in detail

[hackersmag] Don’t SSL-ify full site until SSL is itself Secure

Posted in ABK Labs, security with tags , , , , , , , , , on April 3, 2011 by abhishekkr

http://hackersmag.blogspot.com [30/03/2011]

http://hackersmag.blogspot.com/2011/03/full-site-ssl-ification-is-not-option.html

Full Site SSL-ification is not an option, need to make SSL secure first

I have  heard (Recently and in past) security aware lives wasting a lot of their potential over the argument like
+ ‘Basic HTTP is insecure‘ {sometimes in novice past}
+ ‘SSL-ify entire web service‘ {still a lot push is there}
Now, ‘Basic HTTP’ being insecure is not a flaw by design… but a flaw by choice.

……….
Though it has been haunting the websites by attacks like
+[] SSL Stripping:
It’s due to……….
+[] Sidejacking:
It occurs……….
……….
Then, ‘Full Site SSL-ification’ is a good choice from theoretical security point-of-view, but just in theory.
Different SSL-Defeating attacks involving
+[] Flaws in Libraries like NSS:
There was a……….
+[] Fake SSL Certificate generation:
Not a flaw……….
……….
So, if you will look deeper into serial-murder case file of   SSL Certificates, you’ll see it ain’t safe…
and so there is no point in argument over its mixed/full   implementation.
…click here to read in detail

[justfewtuts.blogspot.com] run PYTHON as a HTTP server

Posted in Blogroll, tutorial with tags , , , , , , on August 10, 2010 by abhishekkr

@ justfewtuts.blogspot.com [5/July/2010]

below are the blog post links on how to utilize installed PYTHON on your machine to run a Simple OR CGI-Supported HTTP Server on your machine…

that too without any scripting directly run PYTHON as a server

—————————————————————–

http://justfewtuts.blogspot.com/2010/08/is-python-installed-yes-you-have-simple.html

is Python installed, you already have Simple HTTP Server
if you need any simple plain web-server on your machine to
server files (html or else) …click here to read full BlogPost

—————————————————————–

http://justfewtuts.blogspot.com/2010/08/run-python-no-script-to-provide-cgi.html

want HTTP Server with CGI Support, just need PYTHON without any scripts
so to have CGI supported HTTP server, just by using PYTHON,
you need to follow below steps …click here to read full BlogPost