book

Web Application Vulnerabilities

Name: Web Application Vulnerabilities
Author: Steven Palmer
ISBN: 9780080556642

by Steven Palmer

April 2011

Intermediate to advanced

480 pages

11h 4m

English

Syngress

Read now

Unlock full access

Copyright
Contributing Authors
1. Introduction to Web Application Hacking
IntroductionWeb Application Architecture ComponentsThe Web ServerThe Application ContentThe Data StoreComplex Web Application Software ComponentsLoginSession Tracking MechanismUser Permissions EnforcementRole Level EnforcementData AccessApplication LogicLogoutPutting it all TogetherThe Web Application Hacking MethodologyDefine the Scope of the EngagementBefore Beginning the Actual AssessmentOpen Source Intelligence ScanningDefault Material ScanningBase Line the ApplicationFuzzingExploiting/Validating VulnerabilitiesReportingThe History of Web Application Hacking and the Evolution of ToolsExample 1: Manipulating the URL Directly (GET Method Form Submittal)Example 2: The POST MethodExample 3: Man in the Middle SocketsThe Graphical User Interface Man in the Middle ProxyCommon (or Known) Vulnerability ScannersSpiders and other CrawlersAutomated FuzzersAll in One and Multi Function ToolsOWASP’s WebScarab DemonstrationStarting WebScarabNext: Create a new sessionNext: Ensure the Proxy Service is ListeningNext, Configure Your Web BrowserNext, Configure WebScarab to Intercept RequestsNext, Bring up the Summary TabWeb Application Hacking Tool ListSecurity E-Mail ListsSummary
2. Information Gathering Techniques
IntroductionThe Principles of Automating SearchesThe Original Search TermExpanding Search TermsE-mail AddressesTelephone NumbersPeopleGetting Lots of ResultsMore CombinationsUsing “Special” OperatorsGetting the Data From the SourceScraping it Yourself – Requesting and Receiving ResponsesScraping it Yourself – The Butcher ShopDapperAura/EvilAPIUsing Other Search EnginesParsing the DataParsing E-mail AddressesDomains and Sub-domainsTelephone NumbersPost ProcessingSorting Results by RelevanceBeyond SnippetsPresenting ResultsApplications of Data MiningMildly AmusingMost InterestingTaking It One Step FurtherCollecting Search TermsOn the WebSpying on Your OwnSearch TermsGmailHoney WordsReferralsSummary
3. Introduction to Server Side Input Validation Issues
IntroductionCross Site Scripting (XSS)Presenting False InformationHow this Example WorksPresenting a False FormExploiting Browser Based VulnerabilitiesExploit Client/Server Trust Relationships
4. Client-Side Exploit Frameworks
IntroductionAttackAPIEnumerating the ClientAttacking NetworksHijacking the BrowserControlling ZombiesBeEFInstalling and Configuring BeEFControlling ZombiesBeEF ModulesStandard Browser ExploitsPort Scanning with BeEFInter-protocol Exploitation and Communication with BeEFCAL9000XSS Attacks, Cheat Sheets, and ChecklistsEncoder, Decoders, and Miscellaneous ToolsHTTP Requests/Responses and Automatic TestingOverview of XSS-ProxyXSS-Proxy Hijacking ExplainedBrowser Hijacking DetailsInitializationCommand ModeAttacker Control InterfaceUsing XSS-Proxy: ExamplesSetting Up XSS-ProxyInjection and Initialization Vectors For XSS-ProxyHTML InjectionJavaScript InjectionHandoff and CSRF With HijacksCSRFHandoff Hijack to Other SitesSage and File:// Hijack With Malicious RSS FeedSummarySolutions Fast TrackAttackAPIBeEFCAL9000XSS-ProxyFrequently Asked Questions
5. Web-Based Malware
IntroductionAttacks on the WebHacking into Web SitesIndex HijackingDNS Poisoning (Pharming)Malware and the Web: What, Where, and How to ScanWhat to ScanWhere to ScanHow to ScanParsing and Emulating HTMLBrowser VulnerabilitiesTesting HTTP-scanning SolutionsTangled Legal WebSummarySolutions Fast TrackAttacks on the WebHacking into Web SitesIndex hijackingDNS Poisoning (pharming)What to Scan?Where to Scan?How to Scan?Parsing and Emulating HTML“JS/Feebs@MM” familyBrowser vulnerabilitiesTesting of HTTP-scanning SolutionsTangled Legal WebFrequently Asked Questions
6. Web Server and Web Application Testing with BackTrack
ObjectivesIntroductionWeb Server Vulnerabilities: A Short HistoryWeb Applications: The New ChallengeChapter ScopeApproachWeb Server TestingCGI and Default Pages TestingWeb Application TestingCore TechnologiesWeb Server Exploit BasicsWhat Are We Talking About?Stack-Based OverflowsHeap-based OverflowsCGI and Default Page ExploitationWeb Application AssessmentInformation Gathering AttacksFile System and Directory Traversal AttacksCommand Execution AttacksDatabase Query Injection AttacksCross-site Scripting AttacksImpersonation AttacksParameter Passing AttacksOpen Source ToolsIntelligence Gathering ToolsScanning ToolsAssessment ToolsAuthenticationProxyExploitation ToolsMetasploitSQL Injection ToolsDNS ChannelTiming ChannelRequirementsSupported DatabasesExample UsageCase Studies: The Tools in ActionWeb Server AssessmentsCGI and Default Page ExploitationWeb Application Assessment
7. Securing Web Based Services
IntroductionWeb SecurityWeb Server LockdownManaging Access ControlHandling Directory and Data StructuresDirectory PropertiesEliminating Scripting VulnerabilitiesLogging ActivityPerforming BackupsMaintaining IntegrityFinding Rogue Web ServersStopping Browser ExploitsExploitable Browser CharacteristicsCookiesWeb SpoofingWeb Server ExploitsSSL and HTTP/SSSL and TLSHTTP/STLSS-HTTPInstant MessagingPacket Sniffers and Instant MessagingText Messaging and Short Message Service (SMS)Web-based VulnerabilitiesUnderstanding Java-, JavaScript-, and ActiveX-based ProblemsJavaActiveXDangers Associated with Using ActiveXAvoiding Common ActiveX VulnerabilitiesLessening the Impact of ActiveX VulnerabilitiesProtection at the Network LevelProtection at the Client LevelJavaScriptPreventing Problems with Java, JavaScript, and ActiveXProgramming Secure ScriptsCode Signing: Solution or More Problems?Understanding Code SigningThe Benefits of Code SigningProblems with the Code Signing ProcessBuffer OverflowsMaking Browsers and E-mail Clients More SecureRestricting Programming LanguagesKeep Security Patches CurrentSecuring Web Browser SoftwareSecuring Microsoft IECGIWhat is a CGI Script and What Does It Do?Typical Uses of CGI ScriptsBreak-ins Resulting from Weak CGI ScriptsCGI WrappersNiktoFTP SecurityActive and Passive FTPS/FTPSecure CopyBlind FTP/AnonymousFTP Sharing and VulnerabilitiesPacket Sniffing FTP TransmissionsDirectory Services and LDAP SecurityLDAPLDAP DirectoriesOrganizational UnitsObjects, Attributes and the SchemaSecuring LDAPSummarySolutions Fast TrackWeb SecurityFTP SecurityLDAP SecurityFrequently Asked Questions

Content preview from Web Application Vulnerabilities

Chapter 2. Information Gathering Techniques

Introduction

There are various reasons for hacking. When most of us hear hacker we think about computer and network security, but lawyers, salesmen, and policemen are also hackers at heart. It’s really a state of mind and a way of thinking rather than a physical attribute. Why do people hack? There are a couple of motivators, but one specific reason is to be able to know things that the ordinary man on the street doesn’t. From this flow many of the other motivators. Knowledge is power—there’s ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781597492096

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Web Application Vulnerabilities

by Steven Palmer

Chapter 2. Information Gathering Techniques

Introduction

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.