Cross-Site Scripting Explained – Part 6: HTTPOnly Cookies
https://www.ispeech.org
Author: Jeremy Druin
Twitter: @webpwnized
Thank you for watching. Please support this channel. Up vote, subscribe or even donate by clicking "Support" at https://www.youtube.com/user/webpwnized!
Description: Using Mutillidae, we look at the effect HTTPOnly cookies have when a page is infected with a cross site script. The demonstration is primarily targetted at developers who wish to understand better why it is a good idea to set cookies with the HTTPOnly flag. A better solution would be to have all cookies be HTTPOnly unless the developer overrides. Mutillidae is a free web application with vulnerabilities added on purpose to give security enthusiast and developers an application to practice various attacks and defenses. It is a free download on Sourceforge. Updates on Mutillidae are tweeted at @webpwnized.
The webpwnized YouTube channel is dedicated to information security, security testing and ethical hacking. There is an emphasis on web application security but many other topics are covers. Some of these include forensics, network security, security testing tools and security testing processes. The channel provides videos to encourage software developers and system administrators to perform security testing. Also, the channel educates the next generation of security testers and bug bounty hunters who want to respectfully, legally and ethically help system owners that allow security testing.
2012-01-13 01:18:33
source
Gloss