Forget about OWASP, go for Webkin Application Security!

So my daughter received an early Christmas present, a Webkins Clydesdale horse, and when I registered this "adopted" pet (as an adoptive parent, I always find stuff like this mildly offensive) I was shocked to see that the number of disclaimers, guidance on password security, protecting your secret code, etc. during the initial registration far exceeds that of many security products and public web portals, online banking sites, etc.

And most effective was the animated goose (with glasses propped down on her nose) scolding you about the dangers of a weak password or sharing your secret code.

Of course, coming up with the Squid proxy whitelist was sort of painful because they use a lot of hardcoded IP addresses in their app, like below:

1229885588.050 117 TCP_MISS/200 1081 GET - DIRECT/ text/xml
1229885588.056 139 TCP_MISS/200 2406 GET - DIRECT/ text/xml
1229885615.945 136 TCP_MISS/200 851 GET - DIRECT/ text/xml
1229885615.977 953 TCP_MISS/200 6437 GET - DIRECT/ text/xml
1229885616.007 177 TCP_MISS/200 1713 POST - DIRECT/ text/xml
1229885617.630 101 TCP_MISS/200 359 POST - DIRECT/ text/html
1229885617.647 116 TCP_MISS/200 672 POST - DIRECT/ text/xml
1229885617.656 136 TCP_MISS/200 374 POST - DIRECT/ text/xml
1229885617.902 122 TCP_MISS/200 470 POST - DIRECT/ text/plain
1229885617.956 175 TCP_MISS/404 630 GET - DIRECT/ text/html
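One way to turn an access log like this into whitelist entries, as an added example that is not part of the original post: it assumes complete lines in Squid's native log layout (URL in the seventh field), uses constructed sample lines with documentation addresses, and the ACL label `kids_game` is hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log layout; addresses are
# documentation ranges and example.com names, not values from the post.
SAMPLE_LOG = """\
1229885588.050 117 10.0.0.5 TCP_MISS/200 1081 GET http://192.0.2.10/data/config.xml - DIRECT/192.0.2.10 text/xml
1229885588.056 139 10.0.0.5 TCP_MISS/200 2406 GET http://www.example.com/news.xml - DIRECT/198.51.100.7 text/xml
1229885616.007 177 10.0.0.5 TCP_MISS/200 1713 POST http://192.0.2.11/api/login - DIRECT/192.0.2.11 text/xml
1229885617.630 101 10.0.0.5 TCP_MISS/200 359 POST http://192.0.2.10/api/status - DIRECT/192.0.2.10 text/html
1229885617.956 175 10.0.0.5 TCP_MISS/404 630 GET http://cdn.example.com/missing.swf - DIRECT/198.51.100.8 text/html
1229885618.100 90 10.0.0.5 TCP_MISS/200 0 CONNECT secure.example.com:443 - DIRECT/198.51.100.9 -
"""


def destination(url):
    """Host part of a logged URL; CONNECT entries log only host:port."""
    return urlsplit(url if "://" in url else "//" + url).hostname


def collect_destinations(log_text):
    """Return (ip_literals, hostnames) requested in the log, de-duplicated."""
    ips, names = set(), set()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:  # URL is the 7th field; skip truncated lines
            continue
        host = destination(fields[6])
        if not host:
            continue
        try:
            ips.add(ipaddress.ip_address(host))  # hardcoded IP in the URL
        except ValueError:
            names.add(host.lower())  # ordinary hostname
    ordered = sorted(ips, key=lambda ip: (ip.version, int(ip)))
    return [str(ip) for ip in ordered], sorted(names)


def squid_acl(ips, names, label="kids_game"):
    """Render squid.conf lines; `label` is a hypothetical ACL name."""
    out = []
    if ips:
        out.append(f"acl {label}_ip dst " + " ".join(ips))
        out.append(f"http_access allow {label}_ip")
    if names:
        out.append(f"acl {label}_dom dstdomain " + " ".join(names))
        out.append(f"http_access allow {label}_dom")
    return out


if __name__ == "__main__":
    print("\n".join(squid_acl(*collect_destinations(SAMPLE_LOG))))
```

The `dst` entries are the ones to recheck over time: a whitelist built from IP literals stops matching as soon as the application's servers change addresses.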

