book

Web Security Testing Cookbook

by Paco Hope, Ben Walther

October 2008

Intermediate to advanced

312 pages

8h 57m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Who This Book Is ForLeveraging Free ToolsAbout the CoverOrganizationConventions Used in This BookUsing Code ExamplesSafari® Books OnlineComments and QuestionsAcknowledgments
What Is Security Testing?What Are Web Applications?Web Application FundamentalsWeb App Security TestingIt’s About the How
2.1. Installing Firefox2.2. Installing Firefox Extensions2.3. Installing Firebug2.4. Installing OWASP’s WebScarab2.5. Installing Perl and Packages on Windows2.6. Installing Perl and Using CPAN on Linux, Unix, or OS X2.7. Installing CAL90002.8. Installing the ViewState Decoder2.9. Installing cURL2.10. Installing Pornzilla2.11. Installing Cygwin2.12. Installing Nikto 22.13. Installing Burp Suite2.14. Installing Apache HTTP Server
3.1. Viewing a Page’s HTML Source3.2. Viewing the Source, Advanced3.3. Observing Live Request Headers with Firebug3.4. Observing Live Post Data with WebScarab3.5. Seeing Hidden Form Fields3.6. Observing Live Response Headers with TamperData3.7. Highlighting JavaScript and Comments3.8. Detecting JavaScript Events3.9. Modifying Specific Element Attributes3.10. Track Element Attributes Dynamically3.11. Conclusion
4.1. Recognizing Binary Data Representations4.2. Working with Base 644.3. Converting Base-36 Numbers in a Web Page4.4. Working with Base 36 in Perl4.5. Working with URL-Encoded Data4.6. Working with HTML Entity Data4.7. Calculating Hashes4.8. Recognizing Time Formats4.9. Encoding Time Values Programmatically4.10. Decoding ASP.NET’s ViewState4.11. Decoding Multiple Encodings
5.1. Intercepting and Modifying POST Requests5.2. Bypassing Input Limits5.3. Tampering with the URL5.4. Automating URL Tampering5.5. Testing URL-Length Handling5.6. Editing Cookies5.7. Falsifying Browser Header Information5.8. Uploading Files with Malicious Names5.9. Uploading Large Files5.10. Uploading Malicious XML Entity Files5.11. Uploading Malicious XML Structure5.12. Uploading Malicious ZIP Files5.13. Uploading Sample Virus Files5.14. Bypassing User-Interface Restrictions
6.1. Spidering a Website with WebScarab6.2. Turning Spider Results into an Inventory6.3. Reducing the URLs to Test6.4. Using a Spreadsheet to Pare Down the List6.5. Mirroring a Website with LWP6.6. Mirroring a Website with wget6.7. Mirroring a Specific Inventory with wget6.8. Scanning a Website with Nikto6.9. Interpretting Nikto’s Results6.10. Scan an HTTPS Site with Nikto6.11. Using Nikto with Authentication6.12. Start Nikto at a Specific Starting Point6.13. Using a Specific Session Cookie with Nikto6.14. Testing Web Services with WSFuzzer6.15. Interpreting WSFuzzer’s Results
7.1. Fetching a Page with cURL7.2. Fetching Many Variations on a URL7.3. Following Redirects Automatically7.4. Checking for Cross-Site Scripting with cURL7.5. Checking for Directory Traversal with cURL7.6. Impersonating a Specific Kind of Web Browser or Device7.7. Interactively Impersonating Another DeviceImitating a Search Engine with cURL7.8. Faking Workflow by Forging Referer Headers7.9. Fetching Only the HTTP Headers7.10. POSTing with cURL7.11. Maintaining Session State7.12. Manipulating Cookies7.13. Uploading a File with cURL7.14. Building a Multistage Test Case7.15. Conclusion
8.1. Writing a Basic Perl Script to Fetch a Page8.2. Programmatically Changing Parameters8.3. Simulating Form Input with POST8.4. Capturing and Storing Cookies8.5. Checking Session Expiration8.6. Testing Session Fixation8.7. Sending Malicious Cookie Values8.8. Uploading Malicious File Contents8.9. Uploading Files with Malicious Names8.10. Uploading Viruses to Applications8.11. Parsing for a Received Value with Perl8.12. Editing a Page Programmatically8.13. Using Threading for Performance

9.1. Bypassing Required Navigation9.2. Attempting Privileged Operations9.3. Abusing Password Recovery9.4. Abusing Predictable Identifiers9.5. Predicting Credentials9.6. Finding Random Numbers in Your ApplicationTesting Random Numbers9.7. Abusing Repeatability9.8. Abusing High-Load Actions9.9. Abusing Restrictive Functionality9.10. Abusing Race Conditions
10.1. Observing Live AJAX Requests10.2. Identifying JavaScript in Applications10.3. Tracing AJAX Activity Back to Its Source10.4. Intercepting and Modifying AJAX Requests10.5. Intercepting and Modifying Server Responses10.6. Subverting AJAX with Injected Data10.7. Subverting AJAX with Injected XML10.8. Subverting AJAX with Injected JSON10.9. Disrupting Client State10.10. Checking for Cross-Domain Access10.11. Reading Private Data via JSON Hijacking
11.1. Finding Session Identifiers in Cookies11.2. Finding Session Identifiers in Requests11.3. Finding Authorization Headers11.4. Analyzing Session ID Expiration11.5. Analyzing Session Identifiers with Burp11.6. Analyzing Session Randomness with WebScarab11.7. Changing Sessions to Evade Restrictions11.8. Impersonating Another User11.9. Fixing Sessions11.10. Testing for Cross-Site Request Forgery
12.1. Stealing Cookies Using XSS12.2. Creating Overlays Using XSS12.3. Making HTTP Requests Using XSS12.4. Attempting DOM-Based XSS Interactively12.5. Bypassing Field Length Restrictions (XSS)12.6. Attempting Cross-Site Tracing Interactively12.7. Modifying Host Headers12.8. Brute-Force Guessing Usernames and Passwords12.9. Attempting PHP Include File Injection Interactively12.10. Creating Decompression Bombs12.11. Attempting Command Injection Interactively12.12. Attempting Command Injection Systematically12.13. Attempting XPath Injection Interactively12.14. Attempting Server-Side Includes (SSI) Injection Interactively12.15. Attempting Server-Side Includes (SSI) Injection Systematically12.16. Attempting LDAP Injection Interactively12.17. Attempting Log Injection Interactively

Content preview from Web Security Testing Cookbook

Chapter 2. Installing Some Free Tools

Every contrivance of man, every tool, every instrument, every utensil, every article designed for use, of each and every kind, evolved from a very simple beginning.

—Robert Collier

These tools can cover the breadth and depth needed to perform comprehensive web application security testing. Many of these tools will be useful to you, yet some not. The usefulness of any individual tool will depend heavily on your context—particularly the web application’s language and what you most need to protect.

This chapter is a reference chapter, even more so than the rest of the book. These recipes recommend tools and discuss a bit of their use and background. Unlike later chapters, these recipes don’t directly build up to comprehensive security tests.

Instead, this chapter can be thought of as part of setting up your environment. Just as you might set up a separate environment for performance testing, you’ll want to set up at least one workstation with the tools you’ll need for security testing. That said, many people use the regular QA server and environment for security tests—and this generally works well. Just beware that any security test failures may corrupt data or take down the server, impacting existing test efforts.

2.1. Installing Firefox

Problem

The Firefox web browser, with its extensible add-on architecture, serves as the best browser for web application security testing.

Solution

Using your system default web browser, visit http://www.mozilla.com/en-US/firefox/ ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 9780596514839Errata Page

Web Security Testing Cookbook

by Paco Hope, Ben Walther

Chapter 2. Installing Some Free Tools

2.1. Installing Firefox

Problem

Solution

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Security for Web Developers

Hands-On Security in DevOps

Software Security Testing

Penetration Testing Fundamentals: A Hands-On Guide to Reliable Security Audits

Publisher Resources

Chapter 2. Installing Some Free Tools

2.1. Installing Firefox

Problem

Solution

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Security for Web Developers

Hands-On Security in DevOps

Software Security Testing

Penetration Testing Fundamentals: A Hands-On Guide to Reliable Security Audits

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.