Web Application Defender's Cookbook
book

by Ryan C. Barnett, Jeremiah Grossman
December 2012
Intermediate to advanced
552 pages
13h 16m
English
Wiley
Content preview from Web Application Defender's Cookbook
Recipe 12-4: Identifying Request Flow Anomalies
This recipe shows you how to identify when clients make a series of requests different from the expected order.
Ingredients
  • ModSecurity
    • Version 2.7 or higher
  • SecDisableBackendCompression directive
  • SecContentInjection directive
  • SecStreamOutBodyInspection directive
  • SecEncryptionEngine directive
  • SecEncryptionKey directive
  • SecEncryptionParam directive
  • SecEncryptionMethodRx directive
CAPEC-140: Bypassing of Intermediate Forms in Multiple-Form Sets
Some web applications require users to submit information through an ordered sequence of web forms. This is often done if there is a very large amount of information being collected or if information on earlier forms is used to pre-populate fields or determine which additional information the application needs to collect. An attacker who knows the names of the various forms in the sequence may be able to explicitly type in the name of a later form and navigate to it without first going through the previous forms. This can result in incomplete collection of information, incorrect assumptions about the information submitted by the attacker, or other problems that can impair the functioning of the application.
Sample Attacks
Banking trojan software such as Zeus and SpyEye offers many ways to automate the process of creating new payee accounts and transferring funds to money mules. In these scenarios, banking trojans often don’t follow ...
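The recipe's goal, detecting a client that reaches a later form without having passed through the earlier ones, can be illustrated outside of ModSecurity with a small server-side state machine. The following is an added example, not code from the book or from the ModSecurity project: it tracks, per session, the highest step completed in order and flags any request for a later step as a flow anomaly, while still allowing a client to return to a step it has already completed. The flow paths, session identifiers and request log are constructed for the demonstration.

```python
"""Detect out-of-order progression through a multi-step form flow.

Constructed example: a four-step "add payee" flow. The defender knows the
expected order; a request for step N from a client that has not yet
completed step N-1 is a request flow anomaly (the CAPEC-140 pattern).
"""
from dataclasses import dataclass

# Hypothetical paths for a constructed multi-form flow; not from the book.
EXPECTED_FLOW = [
    "/payee/step1",   # enter payee details
    "/payee/step2",   # review details
    "/payee/step3",   # enter one-time passcode
    "/payee/submit",  # create the payee
]


@dataclass
class SessionState:
    # Index into the flow of the next step this session is allowed to request.
    next_step: int = 0


@dataclass
class Anomaly:
    session: str
    path: str
    expected_next: str


class FlowMonitor:
    """Tracks each session's position in the expected request sequence."""

    def __init__(self, flow):
        self.flow = list(flow)
        self.index = {path: i for i, path in enumerate(self.flow)}
        self.sessions = {}

    def observe(self, session_id, path):
        """Record one request; return an Anomaly if it skips ahead, else None."""
        if path not in self.index:
            return None  # not part of the protected flow; ignore it
        state = self.sessions.setdefault(session_id, SessionState())
        step = self.index[path]
        if step > state.next_step:
            # The client requested a form beyond the one it should be on.
            return Anomaly(session_id, path, self.flow[state.next_step])
        if step == state.next_step:
            state.next_step += 1  # the expected step was reached; advance
        # step < next_step: revisiting an already completed step is allowed.
        return None


def detect_anomalies(requests, flow=EXPECTED_FLOW):
    """Run a request log of (session_id, path) pairs through a FlowMonitor."""
    monitor = FlowMonitor(flow)
    anomalies = []
    for session_id, path in requests:
        anomaly = monitor.observe(session_id, path)
        if anomaly is not None:
            anomalies.append(anomaly)
    return anomalies


# Constructed request log: sess-A is a normal walk-through, sess-B jumps
# from step1 straight to submit, sess-C steps back and forth legitimately,
# sess-D requests step3 without any earlier step.
SAMPLE_REQUESTS = [
    ("sess-A", "/payee/step1"),
    ("sess-A", "/payee/step2"),
    ("sess-A", "/payee/step3"),
    ("sess-A", "/payee/submit"),
    ("sess-B", "/payee/step1"),
    ("sess-B", "/payee/submit"),
    ("sess-C", "/payee/step1"),
    ("sess-C", "/payee/step2"),
    ("sess-C", "/payee/step1"),
    ("sess-C", "/payee/step2"),
    ("sess-C", "/payee/step3"),
    ("sess-C", "/payee/submit"),
    ("sess-D", "/static/logo.png"),
    ("sess-D", "/payee/step3"),
]

if __name__ == "__main__":
    for a in detect_anomalies(SAMPLE_REQUESTS):
        print(f"{a.session}: requested {a.path}, expected {a.expected_next}")
```

Only sess-B and sess-D are reported; sess-C's return to an earlier, already completed form is treated as normal navigation rather than an anomaly, which is the distinction a production rule set has to make to avoid flagging users who press the back button.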
ISBN: 9781118417058