Chapter 6: Validating (Data) Inputs – Part 1

You made it to Chapter 6, the meat and potatoes of hacking! This chapter covers the attack vectors that everyone comes to know, love, hate, and want to recreate. Here, we’ll begin digging into attack methods that exploit fields or objects susceptible to input validation issues, poor encoding practices, or a lack of parameterization of database inputs on the backend.

Though many are aware of attacks such as cross-site scripting (XSS), which can exploit sessions, or Structured Query Language (SQL) injection, which can bypass authentication or pull data from databases, we’ll also dig into many more attacks that capitalize on the same poor coding practices.

In this chapter, we will cover the following ...

Get Zed Attack Proxy Cookbook now with the O’Reilly learning platform.