February 2006
Intermediate to advanced
240 pages
5h 47m
English
book
How to Break Web Software: Functional and Security Testing of Web Applications and Web Services
by James A. Whittaker, Mike Andrews
Content preview from How to Break Web Software: Functional and Security Testing of Web Applications and Web Services
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
CHAPTER 5. Attacking User-Supplied Input Data
What’s In This Chapter?
This chapter details methods of tampering with input data that is passed from the client machine to the Web application that resides on the Web server. These attacks are mandatory for any Web application and represent some of the most commonly exploited vulnerabilities in modern Web applications.
Introduction
When a Web application or any program reads user-supplied input, many things can go wrong. The input may be too long, of the wrong type (for example, the user may have entered a character where a number was expected), or represent an illegal or harmful value (a user ...