book

Web Hacking: Attacks and Defense

Name: Web Hacking: Attacks and Defense
ISBN: 0201761769

by Stuart McClure, Saumil Shah, Shreeraj Shah

August 2002

Intermediate to advanced

528 pages

9h 37m

English

Addison-Wesley Professional

Read now

Unlock full access

Copyright
Dedication
Foreword
Introduction
“We're Secure, We Have a Firewall”To Err Is HumanWriting on the WallBook OrganizationPartsChaptersA Final WordAcknowledgmentsContributor
1. The E-Commerce Playground
1. Web Languages: The Babylon of the 21st Century
IntroductionLanguages of the WebHTMLDynamic HTML (DHTML)XMLXHTMLPerlPHPColdFusionColdFusion Application ServerColdFusion Markup LanguageColdFusion StudioActive Server PagesDatabase ConnectivityConnectionStringActiveXASP SummaryCGIEnvironmental VariablesServer-Side Includes (SSI): HTML and SHTMLMicrosoft's IIS Web Server and SSIJavaClient-Based JavaAppletsJava Scripting LanguagesJavaScriptJscriptServer-Based JavaJava Server Pages (JSP)Database ConnectivitySource Code DisclosureCase SensitivityForcing Default HandlersArbitrary Command ExecutionJHTMLSource Code DisclosureForcing Default HandlersCase SensitivitySummary
2. Web and Database Servers
IntroductionWeb ServersApacheVirtual HostsName-Based MechanismIP-Based MechanismUNIX IP AliasingServer Side IncludesCGIScriptAliasHandlersMicrosoft's Internet Information Server (IIS)ISAPI ApplicationsVirtual DirectoriesSample FilesVirtual HostsSecondary IP AddressesMultiple Web SitesDatabase ServersSQL PoisoningData ProducingError ProducingSQL CommandsMicrosoft SQL ServerDefault Stored ProceduresDefault DatabasesDefault System TablesDefault System and Meta-Data FunctionsInformation Schema ViewsPasswordsMicrosoft SQL Server SummaryOracleSystem TablesPasswordsPrivilegesOracle ListenerStatus RequestSummary
3. Shopping Carts and Payment Gateways
IntroductionEvolution of the StorefrontElectronic ShoppingShopping Cart SystemsScope and Lifetime of an Electronic Shopping CartCollecting, Analyzing, and Comparing Selected ComponentsKeeping Track of the Total CostChange of MindProcessing the PurchaseImplementation of a Shopping Cart ApplicationProduct CatalogSession ManagementDatabase InterfacingIntegration with the Payment GatewayExamples of Poorly Implemented Shopping CartsCarello Shopping CartDCShop Shopping CartHassan Consulting's Shopping CartCart32 and Several Other Shopping CartsProcessing PaymentsFinalizing the OrderMethod of PaymentVerification and Fraud ProtectionOrder Fulfillment and Receipt GenerationOverview of the Payment Processing SystemOrder Confirmation PagePayment Gateway InterfaceTransaction Database InterfaceInterfacing with a Payment Gateway—An ExamplePayment System Implementation IssuesIntegrationTemporary InformationSSLStoring User ProfilesPayPal—Enabling Individuals to Accept Electronic PaymentsSummary
4. HTTP and HTTPS: The Hacking Protocols
IntroductionProtocols of the WebHTTPHTTP/0.9HTTP/1.0HTTP RequestHTTP ResponseResponse CodeHeader FieldsDataHTTP/1.1HTTP RequestHTTP ResponseResponse CodesHeader FieldsHTTPS (HTTP over SSL)Summary
5. URL: The Web Hacker's Sword
IntroductionURL StructureURLs and Parameter PassingURL EncodingMeta-CharactersSpecifying Special Characters on the URL StringUnicode EncodingAbusing URL EncodingUnicode VulnerabilityThe Double-Decode or Superfluous Decode VulnerabilityHTML FormsAnatomy of an HTML FormInput ElementsParameter Passing Via GET and POSTSummary
2. URLs Unraveled

6. Web: Under (the) Cover
IntroductionThe Components of a Web ApplicationThe Front-End Web ServerThe Web Application Execution EnvironmentThe Database ServerWiring the ComponentsThe Native Application Processing EnvironmentWeb Server APIs and Plug-InsURL Mapping and Internal ProxyingProxying with a Back-End Application ServerExamplesInterfacing PHP3 with ApacheInterfacing ServletExec as an Apache DSOInterfacing ServletExec as an ISAPI Extension to Microsoft IISInterfacing IIS and Domino Servers with Netscape Enterprise ServerConnecting with the DatabaseUsing Native Database APIsExamplesCalling the SQL Server from Active Server PagesCalling Oracle 8i from PHPUsing ODBCUsing JDBCSpecialized Web Application ServersIdentifying Web Application Components from URLsThe Basics of Technology IdentificationExamplesURL: http://www1.example.com/homepage.nsf?OpenURL: http://www2.example.com/software/buy.jhtml;jsessionid=ZYQFN5W HKORD5QFIAE0SFF GAVAAUIIV0URL: http://www3.example.com/cgi-bin/ncommerce3/ExecMacro/webstore/ home.d2w/reportURL: http://www4.example.com/ category.jsp?id=21&StoreSession=PC1q Nwwm0xqCFOWHZcYxZaZ21laYQEfOetnSjrYtrsxSC1V7b|3886513130244820/ 167838525/6/7001/7001/7002/7002/7001/-1URL: http://www5.example.com/site/index/0,10017,2578,00.htmlMore ExamplesURL: http://www6.example.com/report.cgi?page=3URL: http://www7.example.com/ui/Login.jspAdvanced Techniques for Technology IdentificationExamplesURL: http://www8.example.com/webapp/wcs/stores/servlet/Display?storeId= 10001&langId=-1&catalogId=10001&categoryId=10052&clearance=0&catTree= 10052URL: https://www9.example.com/OA_HTML/store.jsp?section=101&prod_ses=j= 4081:Guest:US:jtfpfalse:jtfpi-1:671:504:75123~zv=75123~zs=t~zp=504~zo=2~zm= 101~zj=Guest~zi=504Identifying Database ServersCountermeasuresRule 1: Minimize Information Leaked from the HTTP HeaderRule 2: Prevent Error Information from Being Sent to the BrowserSummary
7. Reading Between the Lines
IntroductionInformation Leakage Through HTMLWhat the Browsers Don't Show YouNetscape Navigator—View | Page SourceInternet Explorer—View | SourceClues to Look ForHTML CommentsRevision HistoryDeveloper or Author DetailsCross-References to Other Areas of the Web ApplicationReminders and PlaceholdersComments Inserted by Web Application ServersOld “Commented-Out” CodeInternal and External HyperlinksE-Mail Addresses and UsernamesUBE, UCE, Junk Mail, and SpamKeywords and Meta TagsHidden FieldsClient-Side ScriptsAutomated Source Sifting TechniquesUsing wgetUsing grepSam Spade, Black Widow, and Teleport ProSummary
8. Site Linkage Analysis
IntroductionHTML and Site Linkage AnalysisSite Linkage Analysis MethodologyStep 1: Crawling the Web SiteCrawling a Site ManuallyA Closer Look at the HTTP Response HeaderSome Popular Tools for Site Linkage AnalysisGNU wgetBlackWidow from SoftByteLabsFunnel Web Profiler from Quest SoftwareStep-1 Wrap-UpStep 2: Creating Logical Groups Within the Application StructureStep-2 Wrap-UpStep 3: Analyzing Each Web Resource1. Extension Analysis2. URL Path Analysis3. Session Analysis4. Form Determination5. Applet and Object Identification6. Client-Side Script Evaluation7. Comment and E-Mail Address AnalysisStep-3 Wrap-UpStep 4: Inventorying Web ResourcesSummary
3. How Do They Do It?
9. Cyber Graffiti
IntroductionDefacing Acme Travel, Inc.'s Web SiteMapping the Target NetworkThrowing Proxy Servers in ReverseBrute Forcing HTTP AuthenticationDirectory BrowsingUploading the Defaced PagesWhat Went Wrong?HTTP Brute-Forcing ToolsBrutusWebCracker 4.0Countermeasures Against the Acme Travel, Inc. HackTurning Off Reverse ProxyingUsing Stronger HTTP Authentication PasswordsTurning off Directory BrowsingSummary
10. E-Shoplifting
IntroductionBuilding an Electronic StoreThe Store Front-EndThe Shopping CartThe Checkout StationThe DatabasePutting It All TogetherEvolution of Electronic StorefrontsRobbing Acme Fashions, Inc.Setting Up Acme's Electronic StorefrontTracking Down the ProblemThe Hidden Dangers of Hidden FieldsBypassing Client-Side ValidationOverhauling www.acme-fashions.comFacing a New Problem with the Overhauled SystemRemote Command ExecutionPostmortem and Further CountermeasuresSummary
11. Database Access
IntroductionA Used Car Dealership Is HackedInput ValidationCountermeasuresSummary
12. Java: Remote Command Execution
IntroductionJava-Driven TechnologyArchitecture of Java Application ServersAttacking a Java Web ServerIdentifying Loopholes in Java Application ServersExample: Online Stock Trading PortalWebLogic Servlets and HandlersApplication Handlers and InvokersInvoking FileServletInvoking SSIServletInvoking the JSPServlet and Forcing It to Compile html/txtCountermeasuresHarden the Java Web ServerOther Conceptual CountermeasuresIsolate System Core Servlets from Application ServletsProhibit Execution of Unregistered ServletsBind Servlets to Resource TypesValidate Input ThoroughlyDisable Direct Application Servlet InvocationUnregister All Unused and Example ServletsSummary
13. Impersonation
IntroductionSession Hijacking: A Stolen Identity and a Broken DateMarch 5, 7:00 A.M.—Alice's Residence8:30 A.M.—Alice's Workplace10:00 A.M.—Bob's Office11:00 A.M.—Bob's Office12:30 P.M.—Alice's Office9:30 P.M.—Bertolini's Italian CuisineSession HijackingPostmortem of the Session Hijacking AttackApplication State DiagramsHTTP and Session TrackingStateless Versus Stateful ApplicationsCookies and Hidden FieldsCookiesHidden FieldsImplementing Session and State TrackingSession Identifiers Should Be UniqueSession Identifiers Should Not Be “Guessable”Session Identifiers Should Be IndependentSession Identifiers Should Be Mapped with Client-Side ConnectionsSummary
14. Buffer Overflows: On-the-Fly
IntroductionExampleBuffer OverflowsBuffer Overflow: Its Simplest FormAssembly Language in a NutshellGeneral Purpose RegistersPointer (a.k.a. Index) RegistersThe StackAssembler InstructionsTracking the Rogue BytesBuffer Overflow: An ExampleDisassemblyBlind Stress TestingPostmortem CountermeasuresSummary
4. Advanced Web Kung Fu
15. Web Hacking: Automated Tools
IntroductionNetcatWhiskerBrute ForceBrutusAchillesCookie PalTeleport ProSecurity RecommendationsSummary
16. Worms
IntroductionCode Red WormJanuary 26, 2000June 18, 2001: The First AttackJuly 12, 2001The DetailsJuly 19, 2001August 4, 2001Nimda WormSeptember 18, 2001Network Shares—Nimda Also Has the Ability to Spread via Misconfigured or Insecure Network SharesThe DetailsCombatting Worm EvolutionReact and RespondSummary
17. Beating the IDS
IntroductionIDS BasicsNetwork IDSsHost-Based IDSsIDS AccuracyGetting Past an IDSSecure Hacking—Hacking Over SSLExampleTunneling Attacks via SSLIntrusion Detection via SSLSniffing SSL TrafficPolymorphic URLsHexadecimal EncodingIllegal Unicode/Superfluous EncodingAdding Fake PathsInserting Slash-Dot-Slash StringsUsing Nonstandard Path SeparatorsUsing Multiple SlashesMixing Various TechniquesGenerating False PositivesPotential CountermeasuresSSL DecryptionURL DecodingSummary
A. Web and Database Port Listing
B. HTTP/1.1 and HTTP/1.0 Method and Field Definitions
C. Remote Command Execution Cheat Sheet
D. Source Code, File, and Directory Disclosure Cheat Sheet
E. Resources and Links
F. Web-Related Tools

Overview

"Both novice and seasoned readers will come away with an increased understanding of how Web hacking occurs and enhanced skill at developing defenses against such Web attacks. Technologies covered include Web languages and protocols, Web and database servers, payment systems and shopping carts, and critical vulnerabilities associated with URLs. This book is a virtual battle plan that will help you identify and eliminate threats that could take your Web site off line..."
--From the Foreword by William C. Boni, Chief Information Security Officer, Motorola

"Just because you have a firewall and IDS sensor does not mean you aresecure; this book shows you why."
--Lance Spitzner, Founder, The Honeynet Project

Whether it's petty defacing or full-scale cyber robbery, hackers are moving to the Web along with everyone else. Organizations using Web-based business applications are increasingly at risk. Web Hacking: Attacks and Defense is a powerful guide to the latest information on Web attacks and defense. Security experts Stuart McClure (lead author of Hacking Exposed), Saumil Shah, and Shreeraj Shah present a broad range of Web attacks and defense.

Features include:

Overview of the Web and what hackers go after

Complete Web application security methodologies

Detailed analysis of hack techniques

Countermeasures

What to do at development time to eliminate vulnerabilities

New case studies and eye-opening attack scenarios

Advanced Web hacking concepts, methodologies, and tools

"How Do They Do It?" sections show how and why different attacks succeed, including:

Cyber graffiti and Web site defacements

e-Shoplifting

Database access and Web applications

Java™ application servers; how to harden your Java™ Web Server

Impersonation and session hijacking

Buffer overflows, the most wicked of attacks

Automated attack tools and worms

Appendices include a listing of Web and database ports, cheat sheets for remote command execution, and source code disclosure techniques.

Web Hacking informs from the trenches. Experts show you how to connect the dots--how to put the stages of a Web hack together so you can best defend against them. Written for maximum brain absorption with unparalleled technical content and battle-tested analysis, Web Hacking will help you combat potentially costly security threats and attacks.

0201761769B07192002

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Hands-On Web Penetration Testing with Metasploit

Publisher Resources

ISBN: 0201761769Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills