This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Java applet code review"
From OWASP
| Line 4: | Line 4: | ||
#[[All encryption keys and mechanisms are not secrets]] | #[[All encryption keys and mechanisms are not secrets]] | ||
#[[All intellectual property (algorithms, data) is disclosed]] | #[[All intellectual property (algorithms, data) is disclosed]] | ||
| − | |||
'''Attackers Create Malicious Client, Server, or Proxy''' | '''Attackers Create Malicious Client, Server, or Proxy''' | ||
| Line 11: | Line 10: | ||
#[[Spoof a legitimate client or server application]] | #[[Spoof a legitimate client or server application]] | ||
| − | |||
'''Attackers Target Rich Client Application Itself''' | '''Attackers Target Rich Client Application Itself''' | ||
Revision as of 21:10, 21 January 2007
Attackers Reverse Engineer Client
- All clients can be reverse engineered, monitored, and modified
- All encryption keys and mechanisms are not secrets
- All intellectual property (algorithms, data) is disclosed
Attackers Create Malicious Client, Server, or Proxy
Attackers Target Rich Client Application Itself
- Clients can be abused - especially if they are "listening"
- All forms of input corruption (injection, overflow, etc.) can be used
- Spoofed server can be set up
Attackers Target Server Application Vulnerabilities
Client Security Considerations
