Next-Generation Web Application Exploitation

The basics of web exploitation have been covered in previous editions and exhaustively on the Web. However, some of the more advanced techniques are a bit harder to wrap your head around, so in this chapter we’re going to be looking at some of the attack techniques that made headlines from 2014 to 2017. We’ll be digging into these techniques to get a better understanding of the next generation of web attacks.

In particular, this chapter covers the following topics:

•   The evolution of cross-site scripting (XSS)

•   Framework vulnerabilities

•   Padding oracle attacks

The Evolution of Cross-Site Scripting (XSS)

Cross-site scripting (XSS) is one of the most misunderstood web vulnerabilities ...

Get Gray Hat Hacking The Ethical Hacker's Handbook, Fifth Edition, 5th Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.