
Seven Deadliest Web Application Attacks by Mike Shema


Heading in the Right Direction

HTTP headers have a complicated relationship with Web security. They can be easily spoofed and represent yet another vector for attacks such as XSS, SQL injection, and even application logic attacks. Nevertheless, headers will provide CSRF mitigation in many circumstances. The point of these steps is to reduce risk by removing some of the attacker's options, not to block every possible scenario.
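As an added illustration of the header-based mitigation described above (this is example code written for this page, not code from the book or from Mike Shema), the following check refuses a state-changing request unless its Origin header, or failing that its Referer header, matches the site's own origin. The allowed origin `https://app.example.com`, the `headers` dictionary and the sample requests are all constructed assumptions. The two details that make the check worth copying are that it compares whole origins rather than substrings, and that it treats a request with neither header as untrusted instead of waving it through.

```python
from urllib.parse import urlsplit

# Hypothetical configuration: the application's own origin (scheme://host[:port]).
ALLOWED_ORIGIN = "https://app.example.com"


def origin_of(url):
    """Reduce a URL to its scheme://host[:port] origin, or None if it has neither."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def is_same_origin_request(headers, allowed_origin=ALLOWED_ORIGIN):
    """
    CSRF check for a state-changing request.

    Prefers the Origin header (sent by browsers on cross-site POSTs and not
    settable by page script), falls back to Referer, and returns a
    (allowed, reason) pair.  Two deliberate choices:

      * whole-origin comparison: "https://app.example.com.evil.test" contains
        the allowed host as a substring, so a naive 'in' check would pass it;
      * a request carrying neither header is refused: browsers omit Referer in
        several situations, so "absent" must not be read as "trusted".
    """
    normalized = {name.lower(): value for name, value in headers.items()}
    allowed = allowed_origin.lower()

    origin = normalized.get("origin")
    if origin is not None:
        # A literal "null" Origin (sandboxed frames, some redirects) never matches.
        if origin.lower() == allowed:
            return True, "origin matched"
        return False, f"origin mismatch: {origin}"

    referer = normalized.get("referer")
    if referer is not None:
        if origin_of(referer) == allowed:
            return True, "referer matched"
        return False, f"referer mismatch: {referer}"

    return False, "no origin or referer header"


# Constructed sample requests (header dictionaries) to exercise the check.
SAMPLE_REQUESTS = {
    "same-site browser post": {"Origin": "https://app.example.com"},
    "same-site, referer only": {"Referer": "https://app.example.com/account/settings"},
    "cross-site post": {"Origin": "https://attacker.example.net"},
    "lookalike host": {"Referer": "https://app.example.com.evil.test/page"},
    "null origin": {"Origin": "null"},
    "no headers at all": {},
}


def evaluate_samples():
    """Return {label: allowed} for every constructed sample request."""
    return {label: is_same_origin_request(hdrs)[0] for label, hdrs in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for label, hdrs in SAMPLE_REQUESTS.items():
        allowed, reason = is_same_origin_request(hdrs)
        print(f"{label:28s} -> {'ALLOW' if allowed else 'DENY ':5s} ({reason})")
```

Only the first two constructed requests are allowed; the cross-site, lookalike, `null` and header-less requests are all refused. This check is one layer, not the whole answer: it should sit alongside an anti-CSRF token, since a non-browser client can set any header it likes and the goal, as the text says, is to remove attacker options rather than to cover every case.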

Referer [A]

[A] This header name was misspelled in the original HTTP/1.0 standard (RFC 1945), which was published in 1996. The prevalence of Web servers and browsers expecting this misspelling likely ensures that it will remain so for a very long time.

Web developers have been warned to ignore the Referer ...
