![\"\"](\"http:\/\/2.bp.blogspot.com\/_Hu1rpxRsqcU\/SwVrcFZyVXI\/AAAAAAAAAW8\/KNtsi1blfiU\/s1600\/Communication_Exposure_Matrix.jpg\")
<\/a><\/p>\n- \n
- URL arguments refer to arguments in the URL for GET or POST (e.g. foo.com?arg1=something).<\/li>\n
- Body arguments refer to data communicated via POST paramaters in the HTTP request body.<\/li>\n<\/ul>\n
NOTE: <\/span>This chart does not address client side caching of temporary files. Caching is a separate issue from the protocol selection and should be addressed with appropriate cache-control headers.
A quick conclusion<\/span><\/span>: The secure choice for transmission of any sensitive data is to use POST statements over SSL\/TLS. Any other option will expose data at some point in the communication.<\/span><\/p>\n<\/p>\n
This is a guest post by Michael Coates, a senior application security consultant with extensive experience in application security, security code review and penetration assessments. He has conducted numerous security assessments for financial, enterprise and cellular customers world-wide.<\/p>\n
The original text is published on …Application Security…<\/a><\/p>\n
Talkback and comments are most welcome<\/p>\n
Related posts
OWASP Publishes Top 10 Web App Security Risks for 2010<\/a>
Creating Your Own Web Server<\/a>
Web Site that is not Easy to hack – Part 2 HOWTO<\/a>
Web Site that is not that easy to hack – Part 1 HOWTO<\/a>
Tutorial – Secure Web Based Job Application<\/a><\/p>\n<\/div>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
Here is a quick chart showing the data exposure when considering GET vs POST and also HTTP vs HTTPS. URL arguments refer to arguments in the URL for GET or POST (e.g. foo.com?arg1=something). Body arguments refer to data communicated via POST paramaters in the HTTP request body. NOTE: This chart does not address client side […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-130250","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts\/130250","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/comments?post=130250"}],"version-history":[{"count":0,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts\/130250\/revisions"}],"wp:attachment":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/media?parent=130250"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/categories?post=130250"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/tags?post=130250"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}