book

Web Application Vulnerabilities

by Steven Palmer

April 2011

Intermediate to advanced

480 pages

11h 4m

English

Syngress

Read now

Unlock full access

IntroductionWeb Application Architecture ComponentsThe Web ServerThe Application ContentThe Data StoreComplex Web Application Software ComponentsLoginSession Tracking MechanismUser Permissions EnforcementRole Level EnforcementData AccessApplication LogicLogoutPutting it all TogetherThe Web Application Hacking MethodologyDefine the Scope of the EngagementBefore Beginning the Actual AssessmentOpen Source Intelligence ScanningDefault Material ScanningBase Line the ApplicationFuzzingExploiting/Validating VulnerabilitiesReportingThe History of Web Application Hacking and the Evolution of ToolsExample 1: Manipulating the URL Directly (GET Method Form Submittal)Example 2: The POST MethodExample 3: Man in the Middle SocketsThe Graphical User Interface Man in the Middle ProxyCommon (or Known) Vulnerability ScannersSpiders and other CrawlersAutomated FuzzersAll in One and Multi Function ToolsOWASP’s WebScarab DemonstrationStarting WebScarabNext: Create a new sessionNext: Ensure the Proxy Service is ListeningNext, Configure Your Web BrowserNext, Configure WebScarab to Intercept RequestsNext, Bring up the Summary TabWeb Application Hacking Tool ListSecurity E-Mail ListsSummary
IntroductionThe Principles of Automating SearchesThe Original Search TermExpanding Search TermsE-mail AddressesTelephone NumbersPeopleGetting Lots of ResultsMore CombinationsUsing “Special” OperatorsGetting the Data From the SourceScraping it Yourself – Requesting and Receiving ResponsesScraping it Yourself – The Butcher ShopDapperAura/EvilAPIUsing Other Search EnginesParsing the DataParsing E-mail AddressesDomains and Sub-domainsTelephone NumbersPost ProcessingSorting Results by RelevanceBeyond SnippetsPresenting ResultsApplications of Data MiningMildly AmusingMost InterestingTaking It One Step FurtherCollecting Search TermsOn the WebSpying on Your OwnSearch TermsGmailHoney WordsReferralsSummary
IntroductionCross Site Scripting (XSS)Presenting False InformationHow this Example WorksPresenting a False FormExploiting Browser Based VulnerabilitiesExploit Client/Server Trust Relationships
IntroductionAttackAPIEnumerating the ClientAttacking NetworksHijacking the BrowserControlling ZombiesBeEFInstalling and Configuring BeEFControlling ZombiesBeEF ModulesStandard Browser ExploitsPort Scanning with BeEFInter-protocol Exploitation and Communication with BeEFCAL9000XSS Attacks, Cheat Sheets, and ChecklistsEncoder, Decoders, and Miscellaneous ToolsHTTP Requests/Responses and Automatic TestingOverview of XSS-ProxyXSS-Proxy Hijacking ExplainedBrowser Hijacking DetailsInitializationCommand ModeAttacker Control InterfaceUsing XSS-Proxy: ExamplesSetting Up XSS-ProxyInjection and Initialization Vectors For XSS-ProxyHTML InjectionJavaScript InjectionHandoff and CSRF With HijacksCSRFHandoff Hijack to Other SitesSage and File:// Hijack With Malicious RSS FeedSummarySolutions Fast TrackAttackAPIBeEFCAL9000XSS-ProxyFrequently Asked Questions
IntroductionAttacks on the WebHacking into Web SitesIndex HijackingDNS Poisoning (Pharming)Malware and the Web: What, Where, and How to ScanWhat to ScanWhere to ScanHow to ScanParsing and Emulating HTMLBrowser VulnerabilitiesTesting HTTP-scanning SolutionsTangled Legal WebSummarySolutions Fast TrackAttacks on the WebHacking into Web SitesIndex hijackingDNS Poisoning (pharming)What to Scan?Where to Scan?How to Scan?Parsing and Emulating HTML“JS/Feebs@MM” familyBrowser vulnerabilitiesTesting of HTTP-scanning SolutionsTangled Legal WebFrequently Asked Questions
ObjectivesIntroductionWeb Server Vulnerabilities: A Short HistoryWeb Applications: The New ChallengeChapter ScopeApproachWeb Server TestingCGI and Default Pages TestingWeb Application TestingCore TechnologiesWeb Server Exploit BasicsWhat Are We Talking About?Stack-Based OverflowsHeap-based OverflowsCGI and Default Page ExploitationWeb Application AssessmentInformation Gathering AttacksFile System and Directory Traversal AttacksCommand Execution AttacksDatabase Query Injection AttacksCross-site Scripting AttacksImpersonation AttacksParameter Passing AttacksOpen Source ToolsIntelligence Gathering ToolsScanning ToolsAssessment ToolsAuthenticationProxyExploitation ToolsMetasploitSQL Injection ToolsDNS ChannelTiming ChannelRequirementsSupported DatabasesExample UsageCase Studies: The Tools in ActionWeb Server AssessmentsCGI and Default Page ExploitationWeb Application Assessment
IntroductionWeb SecurityWeb Server LockdownManaging Access ControlHandling Directory and Data StructuresDirectory PropertiesEliminating Scripting VulnerabilitiesLogging ActivityPerforming BackupsMaintaining IntegrityFinding Rogue Web ServersStopping Browser ExploitsExploitable Browser CharacteristicsCookiesWeb SpoofingWeb Server ExploitsSSL and HTTP/SSSL and TLSHTTP/STLSS-HTTPInstant MessagingPacket Sniffers and Instant MessagingText Messaging and Short Message Service (SMS)Web-based VulnerabilitiesUnderstanding Java-, JavaScript-, and ActiveX-based ProblemsJavaActiveXDangers Associated with Using ActiveXAvoiding Common ActiveX VulnerabilitiesLessening the Impact of ActiveX VulnerabilitiesProtection at the Network LevelProtection at the Client LevelJavaScriptPreventing Problems with Java, JavaScript, and ActiveXProgramming Secure ScriptsCode Signing: Solution or More Problems?Understanding Code SigningThe Benefits of Code SigningProblems with the Code Signing ProcessBuffer OverflowsMaking Browsers and E-mail Clients More SecureRestricting Programming LanguagesKeep Security Patches CurrentSecuring Web Browser SoftwareSecuring Microsoft IECGIWhat is a CGI Script and What Does It Do?Typical Uses of CGI ScriptsBreak-ins Resulting from Weak CGI ScriptsCGI WrappersNiktoFTP SecurityActive and Passive FTPS/FTPSecure CopyBlind FTP/AnonymousFTP Sharing and VulnerabilitiesPacket Sniffing FTP TransmissionsDirectory Services and LDAP SecurityLDAPLDAP DirectoriesOrganizational UnitsObjects, Attributes and the SchemaSecuring LDAPSummarySolutions Fast TrackWeb SecurityFTP SecurityLDAP SecurityFrequently Asked Questions

Overview

In this book, we aim to describe how to make a computer bend to your will by finding and exploiting vulnerabilities specifically in Web applications. We will describe common security issues in Web applications, tell you how to find them, describe how to exploit them, and then tell you how to fix them. We will also cover how and why some hackers (the bad guys) will try to exploit these vulnerabilities to achieve their own end. We will also try to explain how to detect if hackers are actively trying to exploit vulnerabilities in your own Web applications.

Learn to defend Web-based applications developed with AJAX, SOAP, XMLPRC, and more.
See why Cross Site Scripting attacks can be so devastating.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 9781597492096

Web Application Vulnerabilities

by Steven Palmer

Overview

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Securing Web Applications

XSS Attacks

Web Application Firewalls

Web Application Defender's Cookbook

Publisher Resources

Overview

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Securing Web Applications

XSS Attacks

Web Application Firewalls

Web Application Defender's Cookbook

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.