O'Reilly logo

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 2nd Edition by Marcus Pinto, Dafydd Stuttard

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Questions

Answers can be found at http://mdsec.net/wahh.

  1. List three categories of common vulnerabilities that often have easily recognizable signatures within source code.
  2. Why can identifying all sources of user input sometimes be challenging when reviewing a PHP application?
  3. Consider the following two methods of performing a SQL query that incorporates user-supplied input:
    // method 1
    String artist = request.getParameter(“artist”).replaceAll(“'”, “''”);
    String genre = request.getParameter(“genre”).replaceAll(“'”, “''”);
    String album = request.getParameter(“album”).replaceAll(“'”, “''”);
    Statement s = connection.createStatement();
    s.executeQuery(“SELECT * FROM music WHERE artist = '” + artist + '“ AND genre = '” + genre + '“ AND album = '” + album + “'”);
    
    // method 2
    String artist = request.getParameter(“artist”);
    String genre = request.getParameter(“genre”);
    String album = request.getParameter(“album”);
    Statement s = connection.prepareStatement(“SELECT * FROM music WHERE artist = '” + artist +
    “' AND genre = ? AND album = ?”);
    s.setString(1, genre);
    s.setString(2, album);
    s.executeQuery();

    Which of these methods is more secure, and why?

  4. You are reviewing the codebase of a Java application. During initial reconnaissance, you search for all uses of the HttpServletRequest.getParameter API. The following code catches your eye:
    private void setWelcomeMessage(HttpServletRequest request) throws ServletException { String name = request.getParameter(“name”); if (name == null) name ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required