11 Payload vulnerabilities

In this chapter

  • How accepting serialized data from an untrusted source is a security risk
  • How XML parsers are vulnerable to attack
  • How hackers can target file upload functions
  • How path traversal vulnerabilities can allow access to sensitive files
  • How mass assignment vulnerabilities can allow the manipulation of data

Most of the vulnerabilities discussed in the preceding chapters have been concerned with indirect attacks against your users. These attacks inject code into users’ browsers, trick users into performing unexpected actions, or steal credentials or sessions. Now we turn our attention to attacks that directly target web servers.

In the coming chapters, we will be particularly concerned with attacks that come ...