File:OWASPSanAntonio 2006 05 ForcefulBrowsing Content.pdf

OWASPSanAntonio_2006_05_ForcefulBrowsing_Content.pdf (file size: 59 KB, MIME type: application/pdf)

Through forceful browsing, clients may be able to access pages that should be forbidden. This presentation introduces a technique for preventing forceful browsing. With this technique, you may be assured that clients may visit only pages for which links have been presented.

Granularity may be adjusted for an entire page, as well as for specific page parameters. For example, you may prevent a user from deleting customers altogether, or you may permit a user to delete customer #1, but not customer #2. In addition, a notification system can alert you when users attempt forceful browsing.

The implementation will be presented using PHP.
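
One way to implement the check described above, as an added example that is not taken from the presentation (whose PHP code does not appear on this page): the server records every link it presents in the user's session and rejects, with a notification, any request for a page or parameter combination it never presented. The function names `canonical`, `present_link` and `check_request`, the page names, and the plain array standing in for `$_SESSION` are assumptions for illustration.

```php
<?php
// Added example: session-bound allowlist of links the server has presented.
// All function and page names are hypothetical, not from the presentation.

// Build one canonical form per page + parameter set so that
// parameter order and int/string differences do not matter.
function canonical(string $page, array $params): string {
    ksort($params);
    return $page . '?' . http_build_query($params);
}

// Call whenever a link is rendered: records it and returns the URL to emit.
function present_link(array &$session, string $page, array $params = []): string {
    $url = canonical($page, $params);
    $session['presented'][$url] = true;
    return $url;
}

// Call at the top of every protected page, before doing any work.
function check_request(array &$session, string $page, array $params, callable $notify): bool {
    $url = canonical($page, $params);
    if (isset($session['presented'][$url])) {
        return true;                              // this exact link was offered
    }
    $notify("forceful browsing attempt: $url");   // e.g. error_log() or mail()
    return false;
}

// Constructed demo. In a real application $session would be $_SESSION
// and the request parameters would come from $_GET or $_POST.
$session = [];
$alerts  = [];
$notify  = function (string $msg) use (&$alerts) { $alerts[] = $msg; };

// The page rendered for this user offers deletion of customer 1 only.
present_link($session, 'delete_customer.php', ['id' => 1]);

// Request for the presented link, then one with a parameter that was never
// presented, then one for a page that was never presented.
var_dump(check_request($session, 'delete_customer.php', ['id' => '1'], $notify));
var_dump(check_request($session, 'delete_customer.php', ['id' => '2'], $notify));
var_dump(check_request($session, 'admin.php', [], $notify));
print_r($alerts);   // one entry per rejected request
```

Because the allowlist lives in the session, a link presented to one user does not authorize the same request from another user's session.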

File history

Date/Time: current, 13:25, 10 July 2006
Dimensions: 59 KB
User: Dancornell
Comment: Category:OWASP Presentations