8. Protecting a Flawed Web Application: Buggy Bank
“Give a man an audit and he will be secure for a day. Teach a man to audit and he will be secure for the rest of his life.”
So, you want to put the knowledge that you learned in Chapter 7 to use, huh? In order to do this, you first must have an application that has some known vulnerabilities to use as the target. Do you have access to such an application? The common response is no, since due diligence requires that any vulnerabilities should have already had an appropriate patch or fix applied. Another option would be to probe and test someone else’s web server; however, this is not a good idea unless your future plan is to fine-tune your web security skills while sitting in jail. ...