Index
Chapter 1: Web Application (In)security
The Evolution of Web Applications
Web Application Security
Summary
Chapter 2: Core Defense Mechanisms
Handling User Access
Handling User Input
Handling Attackers
Managing the Application
Summary
Questions
Chapter 3: Web Application Technologies
The HTTP Protocol
Web Functionality
Encoding Schemes
Next Steps
Questions
Chapter 4: Mapping the Application
Enumerating Content and Functionality
Analyzing the Application
Summary
Questions
Chapter 5: Bypassing Client-Side Controls
Transmitting Data Via the Client
Capturing User Data: HTML Forms
Capturing User Data: Browser Extensions
Handling Client-Side Data Securely
Summary
Questions
Chapter 6: Attacking Authentication
Authentication Technologies
Design Flaws in Authentication Mechanisms
Implementation Flaws in Authentication
Securing Authentication
Summary
Questions
Chapter 7: Attacking Session Management
The Need for State
Weaknesses in Token Generation
Weaknesses in Session Token Handling
Securing Session Management
Summary
Questions
Chapter 8: Attacking Access Controls
Common Vulnerabilities
Attacking Access Controls
Securing Access Controls
Summary
Questions
Chapter 9: Attacking Data Stores
Injecting into Interpreted Contexts
Injecting into SQL
Injecting into NoSQL
Injecting into XPath
Injecting into LDAP
Summary
Questions
Chapter 10: Attacking Back-End Components
Injecting OS Commands
Manipulating File Paths
Injecting into XML Interpreters
Injecting into Back-end HTTP Requests
Injecting into Mail Services
Summary
Questions
Chapter 11: Attacking Application Logic
The Nature of Logic Flaws
Real-World Logic Flaws
Avoiding Logic Flaws
Summary
Questions
Chapter 12: Attacking Users: Cross-Site Scripting
Varieties of XSS
XSS Attacks in Action
Finding and Exploiting XSS Vulnerabilities
Preventing XSS Attacks
Summary
Questions
Chapter 13: Attacking Users: Other Techniques
Inducing User Actions
Capturing Data Cross-Domain
The Same-Origin Policy Revisited
Other Client-Side Injection Attacks
Local Privacy Attacks
Attacking ActiveX Controls
Attacking the Browser
Summary
Questions
Chapter 14: Automating Customized Attacks
Uses for Customized Automation
Enumerating Valid Identifiers
Harvesting Useful Data
Fuzzing for Common Vulnerabilities
Putting It All Together: Burp Intruder
Barriers to Automation
Summary
Questions
Chapter 15: Exploiting Information Disclosure
Exploiting Error Messages
Gathering Published Information
Using Inference
Preventing Information Leakage
Summary
Questions
Chapter 16: Attacking Native Compiled Applications
Buffer Overflow Vulnerabilities
Integer Vulnerabilities
Format String Vulnerabilities
Summary
Questions
Chapter 17: Attacking Application Architecture
Tiered Architectures
Shared Hosting and Application Service Providers
Summary
Questions
Chapter 18: Attacking the Application Server
Vulnerable Server Configuration
Vulnerable Server Software
Web Application Firewalls
Summary
Questions
Chapter 19: Finding Vulnerabilities in Source Code
Approaches to Code Review
Signatures of Common Vulnerabilities
The Java Platform
ASP.NET
PHP
Perl
JavaScript
Database Code Components
Tools for Code Browsing
Summary
Questions
Chapter 20: A Web Application Hacker's Toolkit
Web Browsers
Integrated Testing Suites
Standalone Vulnerability Scanners
Other Tools
Summary
Chapter 21: A Web Application Hacker's Methodology
General Guidelines
1 Map the Application's Content
2 Analyze the Application
3 Test Client-Side Controls
4 Test the Authentication Mechanism
5 Test the Session Management Mechanism
6 Test Access Controls
7 Test for Input-Based Vulnerabilities
8 Test for Function-Specific Input Vulnerabilities
9 Test for Logic Flaws
10 Test for Shared Hosting Vulnerabilities
11 Test for Application Server Vulnerabilities
12 Miscellaneous Checks
13 Follow Up Any Information Leakage
Introduction