book

Web Application Vulnerabilities

by Steven Palmer

April 2011

Intermediate to advanced

480 pages

11h 4m

English

Syngress

Read now

Unlock full access

IntroductionWeb Application Architecture ComponentsThe Web ServerThe Application ContentThe Data StoreComplex Web Application Software ComponentsLoginSession Tracking MechanismUser Permissions EnforcementRole Level EnforcementData AccessApplication LogicLogoutPutting it all TogetherThe Web Application Hacking MethodologyDefine the Scope of the EngagementBefore Beginning the Actual AssessmentOpen Source Intelligence ScanningDefault Material ScanningBase Line the ApplicationFuzzingExploiting/Validating VulnerabilitiesReportingThe History of Web Application Hacking and the Evolution of ToolsExample 1: Manipulating the URL Directly (GET Method Form Submittal)Example 2: The POST MethodExample 3: Man in the Middle SocketsThe Graphical User Interface Man in the Middle ProxyCommon (or Known) Vulnerability ScannersSpiders and other CrawlersAutomated FuzzersAll in One and Multi Function ToolsOWASP’s WebScarab DemonstrationStarting WebScarabNext: Create a new sessionNext: Ensure the Proxy Service is ListeningNext, Configure Your Web BrowserNext, Configure WebScarab to Intercept RequestsNext, Bring up the Summary TabWeb Application Hacking Tool ListSecurity E-Mail ListsSummary
IntroductionThe Principles of Automating SearchesThe Original Search TermExpanding Search TermsE-mail AddressesTelephone NumbersPeopleGetting Lots of ResultsMore CombinationsUsing “Special” OperatorsGetting the Data From the SourceScraping it Yourself – Requesting and Receiving ResponsesScraping it Yourself – The Butcher ShopDapperAura/EvilAPIUsing Other Search EnginesParsing the DataParsing E-mail AddressesDomains and Sub-domainsTelephone NumbersPost ProcessingSorting Results by RelevanceBeyond SnippetsPresenting ResultsApplications of Data MiningMildly AmusingMost InterestingTaking It One Step FurtherCollecting Search TermsOn the WebSpying on Your OwnSearch TermsGmailHoney WordsReferralsSummary
IntroductionCross Site Scripting (XSS)Presenting False InformationHow this Example WorksPresenting a False FormExploiting Browser Based VulnerabilitiesExploit Client/Server Trust Relationships
IntroductionAttackAPIEnumerating the ClientAttacking NetworksHijacking the BrowserControlling ZombiesBeEFInstalling and Configuring BeEFControlling ZombiesBeEF ModulesStandard Browser ExploitsPort Scanning with BeEFInter-protocol Exploitation and Communication with BeEFCAL9000XSS Attacks, Cheat Sheets, and ChecklistsEncoder, Decoders, and Miscellaneous ToolsHTTP Requests/Responses and Automatic TestingOverview of XSS-ProxyXSS-Proxy Hijacking ExplainedBrowser Hijacking DetailsInitializationCommand ModeAttacker Control InterfaceUsing XSS-Proxy: ExamplesSetting Up XSS-ProxyInjection and Initialization Vectors For XSS-ProxyHTML InjectionJavaScript InjectionHandoff and CSRF With HijacksCSRFHandoff Hijack to Other SitesSage and File:// Hijack With Malicious RSS FeedSummarySolutions Fast TrackAttackAPIBeEFCAL9000XSS-ProxyFrequently Asked Questions
IntroductionAttacks on the WebHacking into Web SitesIndex HijackingDNS Poisoning (Pharming)Malware and the Web: What, Where, and How to ScanWhat to ScanWhere to ScanHow to ScanParsing and Emulating HTMLBrowser VulnerabilitiesTesting HTTP-scanning SolutionsTangled Legal WebSummarySolutions Fast TrackAttacks on the WebHacking into Web SitesIndex hijackingDNS Poisoning (pharming)What to Scan?Where to Scan?How to Scan?Parsing and Emulating HTML“JS/Feebs@MM” familyBrowser vulnerabilitiesTesting of HTTP-scanning SolutionsTangled Legal WebFrequently Asked Questions
ObjectivesIntroductionWeb Server Vulnerabilities: A Short HistoryWeb Applications: The New ChallengeChapter ScopeApproachWeb Server TestingCGI and Default Pages TestingWeb Application TestingCore TechnologiesWeb Server Exploit BasicsWhat Are We Talking About?Stack-Based OverflowsHeap-based OverflowsCGI and Default Page ExploitationWeb Application AssessmentInformation Gathering AttacksFile System and Directory Traversal AttacksCommand Execution AttacksDatabase Query Injection AttacksCross-site Scripting AttacksImpersonation AttacksParameter Passing AttacksOpen Source ToolsIntelligence Gathering ToolsScanning ToolsAssessment ToolsAuthenticationProxyExploitation ToolsMetasploitSQL Injection ToolsDNS ChannelTiming ChannelRequirementsSupported DatabasesExample UsageCase Studies: The Tools in ActionWeb Server AssessmentsCGI and Default Page ExploitationWeb Application Assessment
IntroductionWeb SecurityWeb Server LockdownManaging Access ControlHandling Directory and Data StructuresDirectory PropertiesEliminating Scripting VulnerabilitiesLogging ActivityPerforming BackupsMaintaining IntegrityFinding Rogue Web ServersStopping Browser ExploitsExploitable Browser CharacteristicsCookiesWeb SpoofingWeb Server ExploitsSSL and HTTP/SSSL and TLSHTTP/STLSS-HTTPInstant MessagingPacket Sniffers and Instant MessagingText Messaging and Short Message Service (SMS)Web-based VulnerabilitiesUnderstanding Java-, JavaScript-, and ActiveX-based ProblemsJavaActiveXDangers Associated with Using ActiveXAvoiding Common ActiveX VulnerabilitiesLessening the Impact of ActiveX VulnerabilitiesProtection at the Network LevelProtection at the Client LevelJavaScriptPreventing Problems with Java, JavaScript, and ActiveXProgramming Secure ScriptsCode Signing: Solution or More Problems?Understanding Code SigningThe Benefits of Code SigningProblems with the Code Signing ProcessBuffer OverflowsMaking Browsers and E-mail Clients More SecureRestricting Programming LanguagesKeep Security Patches CurrentSecuring Web Browser SoftwareSecuring Microsoft IECGIWhat is a CGI Script and What Does It Do?Typical Uses of CGI ScriptsBreak-ins Resulting from Weak CGI ScriptsCGI WrappersNiktoFTP SecurityActive and Passive FTPS/FTPSecure CopyBlind FTP/AnonymousFTP Sharing and VulnerabilitiesPacket Sniffing FTP TransmissionsDirectory Services and LDAP SecurityLDAPLDAP DirectoriesOrganizational UnitsObjects, Attributes and the SchemaSecuring LDAPSummarySolutions Fast TrackWeb SecurityFTP SecurityLDAP SecurityFrequently Asked Questions

Content preview from Web Application Vulnerabilities

Chapter 4. Client-Side Exploit Frameworks

Introduction

In a relatively short time, client-side security has become one of the most researched and discussed topics in the information security world. Being a low priority for a number of years, security and software vendors have just started to realize the real potential in this long-forgotten ...