April 2011
Intermediate to advanced
500 pages
16h 12m
English
Content preview from Developer's Guide to Web Application Security
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
■
ASP Calls to Server.CreateObject() that create Scripting.FileSystemObject
objects. Access to the file system is controlled via the use of the
Scripting.FileSystemObject; so if the application doesn’t use this object, you
don’t have to worry about file system vulnerabilities.The MapPath function
is typically used in conjunction with file system access, and thus serves as a
good indicator that the ASP page does somehow interact with the file
system on some level.
■
Uses of the ChooseContent method of an IISSample
.ContentRotator object (look for Server.CreateObject() calls for
IISSample.ContentRotator).
■
Perl Calls to the functions chmod, chown, link, lstat, ...