Hi Friends, How can we mitigate/stop session hijacking if the application is on HTTP and MITM is already there?
Regards Amit Saini On Mon, Jul 6, 2015 at 5:30 PM, <owasp-delhi-requ...@lists.owasp.org> wrote: > Send OWASP-Delhi mailing list submissions to > owasp-delhi@lists.owasp.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.owasp.org/mailman/listinfo/owasp-delhi > or, via email, send a message with subject or body 'help' to > owasp-delhi-requ...@lists.owasp.org > > You can reach the person managing the list at > owasp-delhi-ow...@lists.owasp.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of OWASP-Delhi digest..." > > > Today's Topics: > > 1. Re: How to implement ASLR & DEP in C# thick client > applications? (Dhruv Soi) > 2. Re: How to implement ASLR & DEP in C# thick client > applications? (sanjay kumar) > 3. Re: How to implement ASLR & DEP in C# thick client > applications? (Dhruv Soi) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sun, 5 Jul 2015 16:00:02 +0400 > From: Dhruv Soi <dhruv....@owasp.org> > To: sanjay kumar <sanjay1519...@gmail.com> > Cc: owasp-delhi <owasp-delhi@lists.owasp.org> > Subject: Re: [OWASP-Delhi] How to implement ASLR & DEP in C# thick > client applications? > Message-ID: > <CA+Rr0= > 6x1t9bxzmvcm1842orwat0ebxkpog2xhe3uajc2p1...@mail.gmail.com> > Content-Type: text/plain; charset=UTF-8 > > http://www.lmgtfy.com/?q=threats+of+no+aslr+in+applications > > http://www.lmgtfy.com/?q=aslr+c%23 > > On Fri, Jul 3, 2015 at 12:16 PM, sanjay kumar <sanjay1519...@gmail.com> > wrote: > > Hi, > > > > Does anyone knows how to implement ASLR (Address Space Layout > > Randomization), DEP (Data Execution Prevention) in thick client > application > > based on C#? > > > > If it cannot be implement then what is the risk in applications which > > developed in C#? > > > > Regards, > > > > Sanjay Kumar > > > > > > > > _______________________________________________ > > OWASP-Delhi mailing list > > OWASP-Delhi@lists.owasp.org > > https://lists.owasp.org/mailman/listinfo/owasp-delhi > > LinkedIn Group: https://www.linkedin.com/groups?gid=89270 > > Twitter: https://twitter.com/OWASPdelhi > > > ------------------------------ > > Message: 2 > Date: Mon, 6 Jul 2015 12:05:41 +0530 > From: sanjay kumar <sanjay1519...@gmail.com> > To: Dhruv Soi <dhruv....@owasp.org> > Cc: owasp-delhi <owasp-delhi@lists.owasp.org> > Subject: Re: [OWASP-Delhi] How to implement ASLR & DEP in C# thick > client applications? > Message-ID: > <CAPHKmPMkf51EEqDY8KOjHn70AdPjcdQa= > 7ht3a5qp8txb_q...@mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > Thanks Dhruv, > > But the question is for c#, I dint find such specific result for tht. > > On Sunday, July 5, 2015, Dhruv Soi <dhruv....@owasp.org> wrote: > > > http://www.lmgtfy.com/?q=threats+of+no+aslr+in+applications > > > > http://www.lmgtfy.com/?q=aslr+c%23 > > > > On Fri, Jul 3, 2015 at 12:16 PM, sanjay kumar <sanjay1519...@gmail.com > > <javascript:;>> wrote: > > > Hi, > > > > > > Does anyone knows how to implement ASLR (Address Space Layout > > > Randomization), DEP (Data Execution Prevention) in thick client > > application > > > based on C#? > > > > > > If it cannot be implement then what is the risk in applications which > > > developed in C#? > > > > > > Regards, > > > > > > Sanjay Kumar > > > > > > > > > > > > _______________________________________________ > > > OWASP-Delhi mailing list > > > OWASP-Delhi@lists.owasp.org <javascript:;> > > > https://lists.owasp.org/mailman/listinfo/owasp-delhi > > > LinkedIn Group: https://www.linkedin.com/groups?gid=89270 > > > Twitter: https://twitter.com/OWASPdelhi > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > http://lists.owasp.org/pipermail/owasp-delhi/attachments/20150706/09d325c4/attachment-0001.html > > > > ------------------------------ > > Message: 3 > Date: Mon, 6 Jul 2015 12:04:03 +0400 > From: Dhruv Soi <dhruv....@owasp.org> > To: sanjay kumar <sanjay1519...@gmail.com> > Cc: owasp-delhi <owasp-delhi@lists.owasp.org> > Subject: Re: [OWASP-Delhi] How to implement ASLR & DEP in C# thick > client applications? > Message-ID: > <CA+Rr0=67-k-= > oarqeo67oag-ekz0afe6ros9gcurofykobr...@mail.gmail.com> > Content-Type: text/plain; charset=UTF-8 > > Hope these helps. > > > https://msdn.microsoft.com/en-us/library/microsoft.visualstudio.vcprojectengine.vclinkertool.randomizedbaseaddress.aspx > https://msdn.microsoft.com/en-us/library/bb384887.aspx > https://msdn.microsoft.com/en-us/library/dn195771.aspx > https://msdn.microsoft.com/en-us/library/hh156527.aspx > > On Mon, Jul 6, 2015 at 10:35 AM, sanjay kumar <sanjay1519...@gmail.com> > wrote: > > Thanks Dhruv, > > > > But the question is for c#, I dint find such specific result for tht. > > > > > > On Sunday, July 5, 2015, Dhruv Soi <dhruv....@owasp.org> wrote: > >> > >> http://www.lmgtfy.com/?q=threats+of+no+aslr+in+applications > >> > >> http://www.lmgtfy.com/?q=aslr+c%23 > >> > >> On Fri, Jul 3, 2015 at 12:16 PM, sanjay kumar <sanjay1519...@gmail.com> > >> wrote: > >> > Hi, > >> > > >> > Does anyone knows how to implement ASLR (Address Space Layout > >> > Randomization), DEP (Data Execution Prevention) in thick client > >> > application > >> > based on C#? > >> > > >> > If it cannot be implement then what is the risk in applications which > >> > developed in C#? > >> > > >> > Regards, > >> > > >> > Sanjay Kumar > >> > > >> > > >> > > >> > _______________________________________________ > >> > OWASP-Delhi mailing list > >> > OWASP-Delhi@lists.owasp.org > >> > https://lists.owasp.org/mailman/listinfo/owasp-delhi > >> > LinkedIn Group: https://www.linkedin.com/groups?gid=89270 > >> > Twitter: https://twitter.com/OWASPdelhi > > > ------------------------------ > > _______________________________________________ > OWASP-Delhi mailing list > OWASP-Delhi@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-delhi > > > End of OWASP-Delhi Digest, Vol 84, Issue 5 > ****************************************** >
_______________________________________________ OWASP-Delhi mailing list OWASP-Delhi@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-delhi LinkedIn Group: https://www.linkedin.com/groups?gid=89270 Twitter: https://twitter.com/OWASPdelhi
