
AttachFile, and AttachURL. An attacker might be able to trick your
application into attaching a file you don’t want to be sent out. This is
similar to the file system-based vulnerabilities described earlier.
■ Java: Look for the inclusion of the java.net.* package(s), and especially
the use of ServerSocket (which means your application is listening for
inbound requests). Also, keep a watch for the inclusion of java.rmi.*. RMI
is Java’s remote method invocation, which is functionally similar to
CORBA’s.
■ ColdFusion: Look for the tags CFFTP, CFHTTP, CFLDAP, CFMail, and CFPOP.
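
As an added example (not from the original text), the following Python sketch flags the Java and ColdFusion indicators listed above so a reviewer knows which files to read first. The function names, rule labels, file extensions, and sample sources are assumptions made for this illustration.

```python
import os
import re

# Indicators come from the list above; labels and names are this example's own.
RULES = {
    "java": [
        ("inbound listener", re.compile(r"\bServerSocket\b")),
        ("network package", re.compile(r"\bjava\.net\.")),
        ("remote method invocation", re.compile(r"\bjava\.rmi\b")),
    ],
    "coldfusion": [
        ("network tag", re.compile(r"<\s*(?:CFFTP|CFHTTP|CFLDAP|CFMail|CFPOP)\b", re.I)),
    ],
}
# Assumed mapping from file extension to rule set.
EXTENSIONS = {".java": "java", ".cfm": "coldfusion", ".cfc": "coldfusion"}

def scan_text(text, language):
    """Return (line_number, label, matched_text) for every indicator on every line."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        for label, pattern in RULES[language]:
            for match in pattern.finditer(line):
                hits.append((number, label, match.group(0)))
    return hits

def scan_tree(root):
    """Walk a source tree and return {path: hits} for files that need review."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            language = EXTENSIONS.get(os.path.splitext(name)[1].lower())
            if language is None:
                continue  # not a Java or ColdFusion source file
            path = os.path.join(folder, name)
            with open(path, encoding="utf-8", errors="replace") as handle:
                hits = scan_text(handle.read(), language)
            if hits:
                findings[path] = hits
    return findings

# Constructed sample sources, not taken from any real application.
SAMPLE_JAVA = """import java.net.*;
import java.rmi.Naming;
public class Listener {
    void run() throws Exception { ServerSocket s = new ServerSocket(8080); }
}
"""
SAMPLE_CFM = '<cfhttp url="https://example.invalid/feed" method="get">\n<cfoutput>done</cfoutput>\n'
if __name__ == "__main__":
    for number, label, text in scan_text(SAMPLE_JAVA, "java") + scan_text(SAMPLE_CFM, "coldfusion"):
        print(f"line {number}: {label}: {text}")
```

Each hit is a lead for manual review, not a finding: the match only shows where network-facing code lives.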

Pulling It All Together

So, now that you have this large list of target functions/commands, ...