The curious case of encrypted URL parameters
https://updatesinfosec.blogspot.com/2018/05/the-curious-case-of-encrypted-url.html
In summary:
As intra-app URLs used in web applications are generated and parsed by the same code base, there’s no external force pushing developers towards using a human-readable form of serialization. Sure, it’s easier to do debugging and development, but that’s why I used the word “external”. Many frameworks use custom encodings, but one of the most extreme things a developer can do in this regard is completely encrypting request parameters. We encountered such a setup during a recent web app security assessment; let’s see how it worked out. [...]
Kindly refer to the following link as a follow-up:
https://ift.tt/2GF69Ll

