This chapter details assessment of web applications found running on web servers. A number of technologies and platforms are used by organizations to run and support web applications, including Microsoft ASP.NET, Sun JSP, and PHP. Upon performing web server assessment and crawling to identify web application components and variables, we can perform deep manual web application testing to compromise backend server components through command injection and other attacks.
Web applications are built and delivered using technologies and protocols across three layers:
Figure 7-1 (as prepared by the OWASP team) shows these layers and associated web browser, web server, application server, and database technologies, along with the protocols that allow data to be exchanged between tiers.
Vulnerabilities can exist in any of these tiers, so it is important to ensure that even small exposures can’t be combined to result in a compromise. From a secure design and development perspective, you must filter and control data flow between the three tiers.
Fingerprinting and assessment of web servers is covered in Chapter 6. In this chapter we detail fingerprinting of application server and backend database components, and assessment ...