|
Document Details
Browser Identification for Web Applications
Description: Browser Identification is not a new concept. With the focus having shifted to desktops from networks and servers, a topic such as remote browser identification needs to be revisited.
Browsers identify themselves to web servers in the USER_AGENT header field that is contained in requests sent to the server. Almost every release of browsers contains sloppy code that allows malicious servers or attackers to compromise user privacy and security.
The header that normally identifies a user’s web browser tells such servers exactly which attacks to use. Obfuscating the information contained in the USER_AGENT header field reduces the likelihood of browser-related attacks.
There are other methods of analysis and evaluation that help in accurately identifying browsers. Knowing about these methods is necessary for two reasons: � Increase awareness of browser-related attacks among desktop users. � Assist security consultants to factor in browser-related information when working on web application security testing assignments.
This paper outlines techniques that allow users to determine client browser types remotely.
| Name |
Browser Identification for Web Applications |
| Keywords |
|
| Filesize |
58.54 kB |
| Google Ads |
|
| Filetype |
pdf (Mime Type: application/pdf) |
| Creator |
Everybody |
| Created On: |
07/15/2005 00:00 |
| Viewers |
Everybody |
| Maintained by |
Zinho |
| Hits |
37 Hits |
| Last updated on |
12/31/1969 16:00 |
| Homepage |
|
| CRC Checksum |
|
| MD5 Checksum |
|
You need to login to download texts/tools. Register here, it's fast and free!
|
