The Basics of Web Hacking by Josh Pauli

Chapter 5

Web Application Exploitation with Broken Authentication and Path Traversal

Chapter Rundown:

■ Why authentication and session vulnerabilities are so widespread

■ Using Burp Intruder for brute force authentication attacks

■ Why session attacks are so difficult: cookie cracking is not a good idea

■ Pillaging the web server’s file system with path traversal attacks

Introduction

Authentication allows us to sign in to a web application so we have a personalized browsing experience, while session management keeps track of the requests and responses so we can perform multistep actions such as shopping and bill paying. They are really two peas in a pod. Neither authentication nor session management was considered when the HTTP protocol was invented ...
