Chapter 9. Emerging Attack Vectors
In this chapter, we will look at some emerging attack vectors that have been discovered recently, along with less common ones that have resurfaced with a potentially high impact on the security of web applications.
We'll cover the following topics in this chapter:
- Server Side Request Forgery
- Insecure Direct Object Reference
- DOM clobbering
- Relative Path Overwrite
- UI redressing
- PHP Object Injection
Server Side Request Forgery
Server Side Request Forgery, or SSRF, is a recently publicized chain of vulnerabilities that primarily results in a web application server acting as a proxy, which can then be used to make (spoof) connections to external servers or resources through the vulnerable web application. This might ...