File:OWASPSanAntonio 2006 05 ForcefulBrowsing Content.pdf
Through forceful browsing, clients may be able to access pages that should be forbidden. A technique for preventing forceful browsing is introduced. With this technique, you can be assured that clients may only visit pages for which links have been presented to them.
Granularity can be adjusted for an entire page as well as for specific page parameters. For example, you may prevent a user from deleting customers altogether, or you may permit a user to delete customer #1 but not customer #2. In addition, a notification system can alert you when users attempt forceful browsing.
The implementation will be presented using PHP.
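One way to implement the idea described above, as an added example that is not code from the presentation: the server records every link it presents in the user's session and refuses any request that was never presented. The class `LinkGuard`, its method names and the sample paths are hypothetical, and a plain array stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
declare(strict_types=1);

// Added example (hypothetical names): per-session allowlist of presented links.
final class LinkGuard
{
    private array $store;   // per-user session storage, e.g. $_SESSION
    private $notify;        // callback invoked on a forceful browsing attempt

    public function __construct(array &$store, callable $notify)
    {
        $this->store = &$store;
        $this->notify = $notify;
    }

    // Canonical key; null params means "whole page, any parameters".
    private static function key(string $page, ?array $params): string
    {
        if ($params === null) {
            return $page . '?*';
        }
        ksort($params);
        return $page . '?' . http_build_query($params);
    }

    // Call while rendering a page: records the link and returns its URL.
    public function issue(string $page, ?array $params = []): string
    {
        $this->store['links'][self::key($page, $params)] = true;
        return $params ? $page . '?' . http_build_query($params) : $page;
    }

    // Call at the top of every request handler, before any action runs.
    public function check(string $page, array $params): bool
    {
        $links = $this->store['links'] ?? [];
        if (isset($links[self::key($page, null)]) || isset($links[self::key($page, $params)])) {
            return true;
        }
        ($this->notify)($page, $params);   // alert on the attempt
        return false;
    }
}

$session = [];   // constructed stand-in for $_SESSION
$alerts = [];
$guard = new LinkGuard($session, function (string $page, array $params) use (&$alerts) {
    $alerts[] = "forceful browsing attempt: $page " . json_encode($params);
});
echo $guard->issue('/customer/delete.php', ['id' => 1]), "\n";   // link shown for customer #1 only
var_dump($guard->check('/customer/delete.php', ['id' => '1']));  // link was presented
var_dump($guard->check('/customer/delete.php', ['id' => '2']));  // parameter never presented
var_dump($guard->check('/admin/report.php', []));                // page never linked
print_r($alerts);
```

In a request handler, a failed `check()` would end the request with `http_response_code(403)` before the delete or other action executes.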
File history
| Date/Time | Dimensions | User | Comment |
---|---|---|---|---|
current | 13:25, 10 July 2006 | (59 KB) | Dancornell | Category:OWASP Presentations By Forceful Browsing, clients may be able to access pages which should be forbidden. A technique for preventing forceful browsing is introduced. With this technique, you may be assured that clients may only visit pages f |