
October 23, 2007



Firefox has similar functionality, namely the keywords property does the same thing.

Though on Firefox it's more useful since you can have URLs which look like http://www.google.com/search?q=%s so that you can do a search from the address bar.

But as you yourself said, it's pretty damn obvious when the address bar changes, you might be able to fool some users, true, but it really shouldn't be an issue - malware has better ways to attack users.

Shahar Sperling

I wanted to mention that you might be overestimating a couple of things:
1) That your average J. Q. Surfer can keep track of the favorite links, and most won't notice a new entry. Try as I might, mine usually end up in a mess.
2) That the same average person looks at the address bar past the initial typing or can understand what goes on there. Or cares, for that matter.
I would agree that getting there's the hard part. However, if you could inject an "Add to Favorite" link (XSS of some sort?), most people would be completely oblivious to the fact they were compromised.
