Next-Generation Web Application Exploitation
The basics of web exploitation have been covered in previous editions and exhaustively on the Web. However, some of the more advanced techniques are a bit harder to wrap your head around, so in this chapter we’re going to be looking at some of the attack techniques that made headlines from 2014 to 2017. We’ll be digging into these techniques to get a better understanding of the next generation of web attacks.
In particular, this chapter covers the following topics:
• The evolution of cross-site scripting (XSS)
• Framework vulnerabilities
• Padding oracle attacks
The Evolution of Cross-Site Scripting (XSS)
Cross-site scripting (XSS) is one of the most misunderstood web vulnerabilities ...