The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 2nd Edition by Marcus Pinto, Dafydd Stuttard

Contents

Introduction

Chapter 1 Web Application (In)security

The Evolution of Web Applications

Common Web Application Functions

Benefits of Web Applications

Web Application Security

“This Site Is Secure”

The Core Security Problem: Users Can Submit Arbitrary Input

Key Problem Factors

The New Security Perimeter

The Future of Web Application Security

Summary

Chapter 2 Core Defense Mechanisms

Handling User Access

Authentication

Session Management

Access Control

Handling User Input

Varieties of Input

Approaches to Input Handling

Boundary Validation

Multistep Validation and Canonicalization

Handling Attackers

Handling Errors

Maintaining Audit Logs

Alerting Administrators

Reacting to Attacks

Managing the Application

Summary

Questions

Chapter 3 Web Application Technologies

The HTTP Protocol

HTTP Requests

HTTP Responses

HTTP Methods

URLs

REST

HTTP Headers

Cookies

Status Codes

HTTPS

HTTP Proxies

HTTP Authentication

Web Functionality

Server-Side Functionality

Client-Side Functionality

State and Sessions

Encoding Schemes

URL Encoding

Unicode Encoding

HTML Encoding

Base64 Encoding

Hex Encoding

Remoting and Serialization Frameworks

Next Steps

Questions

Chapter 4 Mapping the Application

Enumerating Content and Functionality

Web Spidering

User-Directed Spidering

Discovering Hidden Content

Application Pages Versus Functional Paths

Discovering Hidden Parameters

Analyzing the Application

Identifying Entry Points for User Input

Identifying Server-Side Technologies

Identifying Server-Side Functionality ...