Archive for THREAT

[hackersmag] HTTP Referer Spoofing, don’t get confused, don’t worry, Block or Avoid

Posted in AbhishekKr, security with tags , , , , , , , , on November 19, 2013 by abhishekkr

hackersmag.blogspot.in [30/Oct/2013]

http://hackersmag.blogspot.in/2013/10/http-referer-spoofing-dont-get-confused.html

HTTP Referer?
It’s an optional HTTP Request Header which can be set to URI to inform the WebServer the source URI which led the client to current URI.

Analytics Benefit:
It’s useful for Web content publishers for analysis sake as per which are the web portals that are attractive more visitors to that URI.

Security Benefit:
It has also been seen to be used as an extra layer of check by WebApps to confirm if the requested URI has been accessed via proper channels and respond accordingly.

HTTP Referer Spoofing ?

As other popular spoofing attack this doesn’t involve attacker trying to hide their identity.

…..
…..

Threat ?
There are potential 2 types of threats which arise from it:
…..
….. 
Solution ?
…..
…..
read full blogpost here