Setting the secure flag in the cookies

The security team identified the following flaw: session cookie without the Secure flag set.
http://www.enablesecurity.com/blog/2008/8/29/setting-the-secure-flag-in-the-cookie-is-easy.html

Original article on TechRepublic:
http://www.techrepublic.com/blog/networking/https-surf-jacking-makes-it-vulnerable/634

TechRepublic had an interesting article about the Surf Jack attack. Many people commented, some giving their own solution to the problem. However, many of these solutions do not prevent the attack because they do not really address it. Of…

Track / Trace method on web server

Symptoms:

    serverxyz:~ # telnet 127.15.10.36 80
    Trying 127.15.10.36...
    Connected to 10.17.105.34.
    Escape character is '^]'.
    TRACE / HTTP/1.0

    HTTP/1.1 200 OK
    Date: Wed, 22 Aug 2012 12:17:05 GMT
    Server: Apache/2.0.52 (Unix) mod_ssl/2.0.52 OpenSSL/0.9.7e
    Connection: close
    Content-Type: message/http

    TRACE / HTTP/1.0

    Connection closed by foreign host.

Solution: For Apache, add the lines below to httpd.conf

    LoadModule…

Apache troubleshooting

Apache Error Log File

All Apache errors, diagnostic information, and other errors found while serving requests are logged to this file. The location of the error log is set using the ErrorLog directive. If there is any problem, you should first take a look at this file using cat, grep or any other UNIX / Linux text utilities. This apache…