Thursday, May 21, 2009

How to prevent a cross-site tracing vulnerability exploit
contributed by Michael Cobb

My constant concern about rushed and unrealistic development timetables for websites was borne out the other day when I was called in to investigate what turned out to be a case of cross-site tracing (XST).
A cross-site tracing attack exploits ActiveX, Flash, Java and other controls that allow the execution of an HTTP TRACE request. The attack is not new: Web security researcher Jeremiah Grossman discovered it in 2003. It enables an attacker to gain access to an individual's cookies and authentication credentials.
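
The following is an added example, not part of the original article: a Python check a defender can run over a captured response to a TRACE request, to see whether the server echoes the request back and which credential-bearing headers are reflected. The sample responses, the host name app.example and the function names are constructed for illustration.

```python
"""Added example: audit a captured TRACE response for reflected credentials."""

# Request headers whose values must never be readable by page script.
SENSITIVE = ("cookie", "authorization", "proxy-authorization")

def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def audit_trace_response(raw: bytes):
    """Report whether TRACE is honoured and which sensitive headers it echoes."""
    status, headers, body = parse_response(raw)
    finding = {"trace_enabled": False, "reflected": []}
    media_type = headers.get("content-type", "").split(";")[0].strip().lower()
    # A server that honours TRACE answers 200 with the request as a message/http body.
    if status != 200 or media_type != "message/http":
        return finding
    echoed = body.decode("iso-8859-1").split("\r\n")
    if not echoed[0].upper().startswith("TRACE "):
        return finding
    finding["trace_enabled"] = True
    for line in echoed[1:]:
        name, sep, _ = line.partition(":")
        if sep and name.strip().lower() in SENSITIVE:
            finding["reflected"].append(name.strip().lower())
    return finding

# Constructed sample responses (not captured from any real server).
TRACE_ON = (b"HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n"
            b"TRACE / HTTP/1.1\r\nHost: app.example\r\n"
            b"Cookie: session=CONSTRUCTED\r\n\r\n")
TRACE_OFF = (b"HTTP/1.1 405 Method Not Allowed\r\n"
             b"Allow: GET, HEAD, POST\r\nContent-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("TRACE_ON", TRACE_ON), ("TRACE_OFF", TRACE_OFF)):
        print(label, audit_trace_response(raw))
```

A result with `trace_enabled` set to true means the server still honours TRACE and the method should be disabled there.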

