
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 2nd Edition by Marcus Pinto, Dafydd Stuttard


Index

A

Absinthe, 322
absolute URLs, open redirection vulnerabilities
    blocking, 544–545
    prefix, 545–546
“accept known good” approach, input, 24
access
    ASP attackers, 658–660
    ASP.NET API methods
        database, 721
        file, 720
    ASPs and customer, 665–666
    database
        ASP.NET API methods, 721
        Java API methods, 714–715
        Perl language API methods, 737–738
        PHP API methods, 729–730
    defense mechanisms handling, 18–21
        authentication, 18–19
        control, 20–21
        session management, 19–20
    Java API methods
        database, 714–715
        file, 713
    Perl language API methods
        database, 737–738
        file, 737
    PHP API methods
        database, 729–730
        file, 727–729
    shared hosting
        attackers, 658–660
        customer, 665–666
    trust relationships in tiered architecture, 649
access controls
    account testing, 267–270
        API methods, 276–277
        HTTP methods, 278
        limited access, 273–276
        multistage function, 271–273
        static resources, 277
    application mapping, 268–269
    attackers, 266–278
        types, 258–260
        usernames and passwords, 275–276
    back-end components, 357
    broken, 7, 274
    context-dependent, 258
    declarative, 282–283
    defective, 257
    discretionary, 282
    flaws, 284
    hacker's methodology
        insecure access, 823
        limited access, 822–823
        multiple accounts, 822
        requirements, 821
    horizontal, 258
    identifier-based functions, 261–262
    insecure methods, 265–266
    location-based, 266
    multistage functions, 262–263
        testing, 271–273
    parameter-based, 265–266
    per-user segregation, 274
    platforms, 264–265
    programmatic, 282
    referer-based, 266
    role-based, 282
    security, 278–283
        best practices, 279 ...
