Injection and Overflow Testing
All websites in this day and age provide dynamic responses to users that are informed by some external database or inferred from a process external to the HTML itself. On the clients, this is typically cordoned off and restricted to the Domain Object Model (DOM) space of the browser, but on the servers the variety and scope of these intertwined processes become exceedingly hard to manage. With all of a typical enterprise's defences tuned to permit application-bound traffic into the web tier, and the web tier, in turn, trusted to access the application and database tiers, hackers have learned to web tier into their stooge. The web tier unwittingly becomes an insider threat, and with it comes all privileged access ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access