Week 10 – Summary

Reading

Proxy servers are used to intercept data between private and public networks for increased response time when querying domain names by caching data, masking origin’s Public IP Address to fake point of origin, redirect traffic to other servers and manage authentication for internet access. Proxy can also be used to intercept traffic between browser and target application allowing to execute man-in-the-middle attack when accessing non-encrypted destinations. Login credentials and target web application vulnerabilities may be discovered and exploited afterwards. SQL Injections and XSS attacks are some of examples.

Web Apps injection attacks are done by inserting improper characters or code into web form fields, which when processed by back end web server get accepted and malicious code is executed. Programmers must develop web form checkers to verify input data is correct and consistent within application logic.

Question for the Class: What Proxy server software, other than Burp, is the most effective and easy to use?

In the News

Electronic Frontier Foundation (EFF) received an approval from United States Copyright Office (DMCA) of their proposal to exempt restrictions from:

1. Device unlocking
2. Jailbreaking
3. Ripping videos for remix

EFF Proposal: https://www.eff.org/document/eff-jailbreaking-exemption-request

Article: http://thehackernews.com/2015/10/jailbreak-phones.html