8

Evaluating Input Validation Checks

Failure to validate input received from the client before the application code uses it is one of the most common security vulnerabilities in web applications. This flaw is the source of major security issues such as SQL injection and Cross-Site Scripting (XSS). Web penetration testers must determine whether any input is reflected back by the application, or acted upon by it, without validation. We’ll learn how to use Burp Suite to perform such tests.
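The core check described above, determining whether a submitted value is reflected back unchanged, is illustrated here as an added example that is not from the book; the two handlers are hypothetical and the marker value is constructed, standing in for a request parameter and the response body a proxy such as Burp Suite would capture.

```python
import html

# Constructed marker: unique text wrapped in HTML metacharacters, so we can tell
# raw reflection apart from encoded or stripped output. It is a harmless probe.
MARKER_CORE = "zq7canary"
MARKER = f"<{MARKER_CORE}>"


def vulnerable_render(query: str) -> str:
    """Hypothetical handler that reflects input into HTML with no validation."""
    return f"<p>Results for {query}</p>"


def hardened_render(query: str) -> str:
    """Same hypothetical handler, with output encoding applied before reflecting."""
    return f"<p>Results for {html.escape(query, quote=True)}</p>"


def classify_reflection(sent: str, body: str) -> str:
    """Classify how a submitted value reappears in a response body.

    'raw'      - the value, including its HTML metacharacters, appears verbatim
    'encoded'  - the value appears only with its metacharacters entity-encoded
    'stripped' - the core text appears but the metacharacters were removed
    'none'     - the value is not reflected at all
    """
    if sent in body:
        return "raw"
    if html.escape(sent, quote=True) in body:
        return "encoded"
    core = "".join(ch for ch in sent if ch.isalnum())
    if core and core in body:
        return "stripped"
    return "none"


def check_handlers() -> dict:
    """Send the marker through both handlers and classify each response."""
    return {
        "vulnerable": classify_reflection(MARKER, vulnerable_render(MARKER)),
        "hardened": classify_reflection(MARKER, hardened_render(MARKER)),
        "unrelated": classify_reflection(MARKER, "<p>No results</p>"),
    }


if __name__ == "__main__":
    for name, verdict in check_handlers().items():
        print(f"{name}: {verdict}")
```

A 'raw' verdict on a real response is the signal to investigate further in the recipes that follow; 'encoded' or 'stripped' shows the application applied some output handling, which still needs review for the context the value lands in.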

In this chapter, we will cover the following recipes:

  • Testing for reflected cross-site scripting
  • Testing for stored cross-site scripting
  • Testing for HTTP verb tampering
  • Testing for HTTP parameter pollution
  • Testing for SQL injection
  • Testing for command injection ...

Get Burp Suite Cookbook - Second Edition now with the O’Reilly learning platform.