October 20, 2009

Server Security - passing the audits

Whilst passing a server through Barclaycard PCI-DSS security audits we came across a possible method of server attack: any server that supports TRACE and TRACK methods over HTTP is possibly open to a security vulnerability known as an XST attack (Cross Site Tracing). This allows a carefully crafted TRACE request to intercept a user's cookie […]
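An added example, not from the original post: one way to check before an audit whether a server you administer still echoes TRACE or TRACK requests, using Python's standard `http.client`. The `X-Audit-Marker` header name, the host name and the sample responses are constructed for illustration.

```python
import http.client
import secrets

def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status code, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0].split()
    return int(status_line[1]), body

def echoes_request(status: int, body: bytes, marker: str) -> bool:
    """True when the response reflects our request headers back (method is live)."""
    # A 200 alone is not enough: some servers answer unknown methods like a GET.
    return status == 200 and marker.encode() in body

def probe(host: str, port: int = 80, method: str = "TRACE") -> bool:
    """Send one TRACE/TRACK request to your own server; True means it is echoed."""
    marker = secrets.token_hex(8)  # random value we expect to see reflected
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request(method, "/", headers={"X-Audit-Marker": marker})
        resp = conn.getresponse()
        return echoes_request(resp.status, resp.read(), marker)
    finally:
        conn.close()

# Constructed sample responses, so the classification can be checked offline.
SAMPLE_MARKER = "1f2e3d4c"
ENABLED = (b"HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n"
           b"TRACE / HTTP/1.1\r\nHost: www.example.test\r\n"
           b"X-Audit-Marker: 1f2e3d4c\r\n\r\n")
DISABLED = b"HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, HEAD, POST\r\n\r\n"
TREATED_AS_GET = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                  b"<html><body>Home page</body></html>")

def check_sample(raw: bytes, marker: str = SAMPLE_MARKER) -> bool:
    """Classify one captured response the same way probe() does."""
    status, body = parse_response(raw)
    return echoes_request(status, body, marker)

if __name__ == "__main__":
    for name, raw in [("enabled", ENABLED), ("disabled", DISABLED),
                      ("treated as GET", TREATED_AS_GET)]:
        print(f"{name}: echoed={check_sample(raw)}")
```

Run `probe()` once with `method="TRACE"` and once with `method="TRACK"`; a `True` result is what the audit will flag.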

