Palisade Magazine

 
URL Redirection Flaw

June 2008

URL Redirection Flaw

by Sourabh Saxena

Harry gets an email from his bank stating that he has received some promotional offers and should click the link below to avail himself of them. Aware of phishing attacks, Harry checks that the site is authentic by looking for the name of his bank in the URL. It appears to be a genuine URL of the bank, so he clicks the link. The login page of his bank is displayed, and he enters his username and password. He then gets an error page saying “The server is unable to process your request”.…

Mobile Banking - Threats and Mitigation

by Suraj Sankaran

In my previous article, I explained the two common mobile banking architectures and the exchange of information using one of them. In this article, I’ll explain the threats observed and an ideal process to overcome them. The explanation is based on the information exchange for the architecture discussed in my previous article. For each phase, the threats are listed along with a secure process to ensure they are mitigated.…

CSRF - The hidden menace

by Sapna Satish

Cross Site Request Forgery (also known as XSRF, CSRF, Sea Surf, Session Riding, and Cross Site Reference Forgery) is an attack that tricks the victim into taking some action on the vulnerable application without the victim’s knowledge. This can happen when the victim visits a webpage that contains a malicious request, which then performs the chosen action on behalf of the victim.…

Quiz: Cross Site Printing

What is Cross Site Printing?

  1. A typo for Cross Site Scripting
  2. A new Printing technology from Microsoft
  3. A new attack that prints to your internal printers when you visit a website
  4. None of these


News & Events

  • 21.05.09. ICICI Bank and Paladion Have Been Awarded the Best Banking Security Systems Project by the Asian Banker IT Implementation Awards Program
  • 20.04.09. Info Security Products Guide Names Plynt Certification Program Winner of the 2009 Tomorrow’s Technology Today Award
  • 15.02.09. Paladion/Plynt Launches a PCI Solution Package for the Retail Industry to Meet Demands for Enterprise Merchants Seeking PCI DSS Compliance
  • 10.06.08. Paladion is presenting on “Safeguarding SaaS” at the SaaS University in Boston, June 18-19
  • 17.03.08. Asian Banker awards Kotak Mahindra and Paladion the best security implementation project for 2007