{"product_id":"the-web-application-hackers-handbook-9781118026472","title":"The Web Application Hackers Handbook","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003eThe highly successful security book returns with a new edition, completely updated. Web applications are the front door to most organizations, exposing them to attacks that may disclose personal information, execute fraudulent transactions, or compromise ordinary users.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003cp\u003eIntroduction xxiii\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 Web Application (In)security 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Evolution of Web Applications 2\u003c\/p\u003e \u003cp\u003eCommon Web Application Functions 4\u003c\/p\u003e \u003cp\u003eBenefits of Web Applications 5\u003c\/p\u003e \u003cp\u003eWeb Application Security 6\u003c\/p\u003e \u003cp\u003e“This Site Is Secure” 7\u003c\/p\u003e \u003cp\u003eThe Core Security Problem: Users Can Submit Arbitrary Input 9\u003c\/p\u003e \u003cp\u003eKey Problem Factors 10\u003c\/p\u003e \u003cp\u003eThe New Security Perimeter 12\u003c\/p\u003e \u003cp\u003eThe Future of Web Application Security 14\u003c\/p\u003e \u003cp\u003eSummary 15\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 Core Defense Mechanisms 17\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eHandling User Access 18\u003c\/p\u003e \u003cp\u003eAuthentication 18\u003c\/p\u003e \u003cp\u003eSession Management 19\u003c\/p\u003e \u003cp\u003eAccess Control 20\u003c\/p\u003e \u003cp\u003eHandling User Input 21\u003c\/p\u003e \u003cp\u003eVarieties of Input 21\u003c\/p\u003e \u003cp\u003eApproaches to Input Handling 23\u003c\/p\u003e \u003cp\u003eBoundary Validation 25\u003c\/p\u003e \u003cp\u003eMultistep Validation and Canonicalization 28\u003c\/p\u003e \u003cp\u003eHandling Attackers 30\u003c\/p\u003e \u003cp\u003eHandling Errors 30\u003c\/p\u003e \u003cp\u003eMaintaining Audit Logs 
31\u003c\/p\u003e \u003cp\u003eAlerting Administrators 33\u003c\/p\u003e \u003cp\u003eReacting to Attacks 34\u003c\/p\u003e \u003cp\u003eManaging the Application 35\u003c\/p\u003e \u003cp\u003eSummary 36\u003c\/p\u003e \u003cp\u003eQuestions 36\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 Web Application Technologies 39\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe HTTP Protocol 39\u003c\/p\u003e \u003cp\u003eHTTP Requests 40\u003c\/p\u003e \u003cp\u003eHTTP Responses 41\u003c\/p\u003e \u003cp\u003eHTTP Methods 42\u003c\/p\u003e \u003cp\u003eURLs 44\u003c\/p\u003e \u003cp\u003eREST 44\u003c\/p\u003e \u003cp\u003eHTTP Headers 45\u003c\/p\u003e \u003cp\u003eCookies 47\u003c\/p\u003e \u003cp\u003eStatus Codes 48\u003c\/p\u003e \u003cp\u003eHTTPS 49\u003c\/p\u003e \u003cp\u003eHTTP Proxies 49\u003c\/p\u003e \u003cp\u003eHTTP Authentication 50\u003c\/p\u003e \u003cp\u003eWeb Functionality 51\u003c\/p\u003e \u003cp\u003eServer-Side Functionality 51\u003c\/p\u003e \u003cp\u003eClient-Side Functionality 57\u003c\/p\u003e \u003cp\u003eState and Sessions 66\u003c\/p\u003e \u003cp\u003eEncoding Schemes 66\u003c\/p\u003e \u003cp\u003eURL Encoding 67\u003c\/p\u003e \u003cp\u003eUnicode Encoding 67\u003c\/p\u003e \u003cp\u003eHTML Encoding 68\u003c\/p\u003e \u003cp\u003eBase64 Encoding 69\u003c\/p\u003e \u003cp\u003eHex Encoding 69\u003c\/p\u003e \u003cp\u003eRemoting and Serialization Frameworks 70\u003c\/p\u003e \u003cp\u003eNext Steps 70\u003c\/p\u003e \u003cp\u003eQuestions 71\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 Mapping the Application 73\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eEnumerating Content and Functionality 74\u003c\/p\u003e \u003cp\u003eWeb Spidering 74\u003c\/p\u003e \u003cp\u003eUser-Directed Spidering 77\u003c\/p\u003e \u003cp\u003eDiscovering Hidden Content 80\u003c\/p\u003e \u003cp\u003eApplication Pages Versus Functional Paths 93\u003c\/p\u003e \u003cp\u003eDiscovering Hidden Parameters 96\u003c\/p\u003e \u003cp\u003eAnalyzing the 
Application 97\u003c\/p\u003e \u003cp\u003eIdentifying Entry Points for User Input 98\u003c\/p\u003e \u003cp\u003eIdentifying Server-Side Technologies 101\u003c\/p\u003e \u003cp\u003eIdentifying Server-Side Functionality 107\u003c\/p\u003e \u003cp\u003eMapping the Attack Surface 111\u003c\/p\u003e \u003cp\u003eSummary 114\u003c\/p\u003e \u003cp\u003eQuestions 114\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 Bypassing Client-Side Controls 117\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eTransmitting Data Via the Client 118\u003c\/p\u003e \u003cp\u003eHidden Form Fields 118\u003c\/p\u003e \u003cp\u003eHTTP Cookies 121\u003c\/p\u003e \u003cp\u003eURL Parameters 121\u003c\/p\u003e \u003cp\u003eThe Referer Header 122\u003c\/p\u003e \u003cp\u003eOpaque Data 123\u003c\/p\u003e \u003cp\u003eThe ASP.NET ViewState 124\u003c\/p\u003e \u003cp\u003eCapturing User Data: HTML Forms 127\u003c\/p\u003e \u003cp\u003eLength Limits 128\u003c\/p\u003e \u003cp\u003eScript-Based Validation 129\u003c\/p\u003e \u003cp\u003eDisabled Elements 131\u003c\/p\u003e \u003cp\u003eCapturing User Data: Browser Extensions 133\u003c\/p\u003e \u003cp\u003eCommon Browser Extension Technologies 134\u003c\/p\u003e \u003cp\u003eApproaches to Browser Extensions 135\u003c\/p\u003e \u003cp\u003eIntercepting Traffic from Browser Extensions 135\u003c\/p\u003e \u003cp\u003eDecompiling Browser Extensions 139\u003c\/p\u003e \u003cp\u003eAttaching a Debugger 151\u003c\/p\u003e \u003cp\u003eNative Client Components 153\u003c\/p\u003e \u003cp\u003eHandling Client-Side Data Securely 154\u003c\/p\u003e \u003cp\u003eTransmitting Data Via the Client 154\u003c\/p\u003e \u003cp\u003eValidating Client-Generated Data 155\u003c\/p\u003e \u003cp\u003eLogging and Alerting 156\u003c\/p\u003e \u003cp\u003eSummary 156\u003c\/p\u003e \u003cp\u003eQuestions 157\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 Attacking Authentication 159\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAuthentication Technologies 160\u003c\/p\u003e 
\u003cp\u003eDesign Flaws in Authentication Mechanisms 161\u003c\/p\u003e \u003cp\u003eBad Passwords 161\u003c\/p\u003e \u003cp\u003eBrute-Forcible Login 162\u003c\/p\u003e \u003cp\u003eVerbose Failure Messages 166\u003c\/p\u003e \u003cp\u003eVulnerable Transmission of Credentials 169\u003c\/p\u003e \u003cp\u003ePassword Change Functionality 171\u003c\/p\u003e \u003cp\u003eForgotten Password Functionality 173\u003c\/p\u003e \u003cp\u003e“Remember Me” Functionality 176\u003c\/p\u003e \u003cp\u003eUser Impersonation Functionality 178\u003c\/p\u003e \u003cp\u003eIncomplete Validation of Credentials 180\u003c\/p\u003e \u003cp\u003eNonunique Usernames 181\u003c\/p\u003e \u003cp\u003ePredictable Usernames 182\u003c\/p\u003e \u003cp\u003ePredictable Initial Passwords 183\u003c\/p\u003e \u003cp\u003eInsecure Distribution of Credentials 184\u003c\/p\u003e \u003cp\u003eImplementation Flaws in Authentication 185\u003c\/p\u003e \u003cp\u003eFail-Open Login Mechanisms 185\u003c\/p\u003e \u003cp\u003eDefects in Multistage Login Mechanisms 186\u003c\/p\u003e \u003cp\u003eInsecure Storage of Credentials 190\u003c\/p\u003e \u003cp\u003eSecuring Authentication 191\u003c\/p\u003e \u003cp\u003eUse Strong Credentials 192\u003c\/p\u003e \u003cp\u003eHandle Credentials Secretively 192\u003c\/p\u003e \u003cp\u003eValidate Credentials Properly 193\u003c\/p\u003e \u003cp\u003ePrevent Information Leakage 195\u003c\/p\u003e \u003cp\u003ePrevent Brute-Force Attacks 196\u003c\/p\u003e \u003cp\u003ePrevent Misuse of the Password Change Function 199\u003c\/p\u003e \u003cp\u003ePrevent Misuse of the Account Recovery Function 199\u003c\/p\u003e \u003cp\u003eLog, Monitor, and Notify 201\u003c\/p\u003e \u003cp\u003eSummary 201\u003c\/p\u003e \u003cp\u003eQuestions 202\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7 Attacking Session Management 205\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Need for State 206\u003c\/p\u003e \u003cp\u003eAlternatives to Sessions 208\u003c\/p\u003e 
\u003cp\u003eWeaknesses in Token Generation 210\u003c\/p\u003e \u003cp\u003eMeaningful Tokens 210\u003c\/p\u003e \u003cp\u003ePredictable Tokens 213\u003c\/p\u003e \u003cp\u003eEncrypted Tokens 223\u003c\/p\u003e \u003cp\u003eWeaknesses in Session Token Handling 233\u003c\/p\u003e \u003cp\u003eDisclosure of Tokens on the Network 234\u003c\/p\u003e \u003cp\u003eDisclosure of Tokens in Logs 237\u003c\/p\u003e \u003cp\u003eVulnerable Mapping of Tokens to Sessions 240\u003c\/p\u003e \u003cp\u003eVulnerable Session Termination 241\u003c\/p\u003e \u003cp\u003eClient Exposure to Token Hijacking 243\u003c\/p\u003e \u003cp\u003eLiberal Cookie Scope 244\u003c\/p\u003e \u003cp\u003eSecuring Session Management 248\u003c\/p\u003e \u003cp\u003eGenerate Strong Tokens 248\u003c\/p\u003e \u003cp\u003eProtect Tokens Throughout Their Life Cycle 250\u003c\/p\u003e \u003cp\u003eLog, Monitor, and Alert 253\u003c\/p\u003e \u003cp\u003eSummary 254\u003c\/p\u003e \u003cp\u003eQuestions 255\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8 Attacking Access Controls 257\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCommon Vulnerabilities 258\u003c\/p\u003e \u003cp\u003eCompletely Unprotected Functionality 259\u003c\/p\u003e \u003cp\u003eIdentifier-Based Functions 261\u003c\/p\u003e \u003cp\u003eMultistage Functions 262\u003c\/p\u003e \u003cp\u003eStatic Files 263\u003c\/p\u003e \u003cp\u003ePlatform Misconfiguration 264\u003c\/p\u003e \u003cp\u003eInsecure Access Control Methods 265\u003c\/p\u003e \u003cp\u003eAttacking Access Controls 266\u003c\/p\u003e \u003cp\u003eTesting with Different User Accounts 267\u003c\/p\u003e \u003cp\u003eTesting Multistage Processes 271\u003c\/p\u003e \u003cp\u003eTesting with Limited Access 273\u003c\/p\u003e \u003cp\u003eTesting Direct Access to Methods 276\u003c\/p\u003e \u003cp\u003eTesting Controls Over Static Resources 277\u003c\/p\u003e \u003cp\u003eTesting Restrictions on HTTP Methods 278\u003c\/p\u003e \u003cp\u003eSecuring Access Controls 
278\u003c\/p\u003e \u003cp\u003eA Multilayered Privilege Model 280\u003c\/p\u003e \u003cp\u003eSummary 284\u003c\/p\u003e \u003cp\u003eQuestions 284\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9 Attacking Data Stores 287\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eInjecting into Interpreted Contexts 288\u003c\/p\u003e \u003cp\u003eBypassing a Login 288\u003c\/p\u003e \u003cp\u003eInjecting into SQL 291\u003c\/p\u003e \u003cp\u003eExploiting a Basic Vulnerability 292\u003c\/p\u003e \u003cp\u003eInjecting into Different Statement Types 294\u003c\/p\u003e \u003cp\u003eFinding SQL Injection Bugs 298\u003c\/p\u003e \u003cp\u003eFingerprinting the Database 303\u003c\/p\u003e \u003cp\u003eThe UNION Operator 304\u003c\/p\u003e \u003cp\u003eExtracting Useful Data 308\u003c\/p\u003e \u003cp\u003eExtracting Data with UNION 308\u003c\/p\u003e \u003cp\u003eBypassing Filters 311\u003c\/p\u003e \u003cp\u003eSecond-Order SQL Injection 313\u003c\/p\u003e \u003cp\u003eAdvanced Exploitation 314\u003c\/p\u003e \u003cp\u003eBeyond SQL Injection: Escalating the Database Attack 325\u003c\/p\u003e \u003cp\u003eUsing SQL Exploitation Tools 328\u003c\/p\u003e \u003cp\u003eSQL Syntax and Error Reference 332\u003c\/p\u003e \u003cp\u003ePreventing SQL Injection 338\u003c\/p\u003e \u003cp\u003eInjecting into NoSQL 342\u003c\/p\u003e \u003cp\u003eInjecting into MongoDB 343\u003c\/p\u003e \u003cp\u003eInjecting into XPath 344\u003c\/p\u003e \u003cp\u003eSubverting Application Logic 345\u003c\/p\u003e \u003cp\u003eInformed XPath Injection 346\u003c\/p\u003e \u003cp\u003eBlind XPath Injection 347\u003c\/p\u003e \u003cp\u003eFinding XPath Injection Flaws 348\u003c\/p\u003e \u003cp\u003ePreventing XPath Injection 349\u003c\/p\u003e \u003cp\u003eInjecting into LDAP 349\u003c\/p\u003e \u003cp\u003eExploiting LDAP Injection 351\u003c\/p\u003e \u003cp\u003eFinding LDAP Injection Flaws 353\u003c\/p\u003e \u003cp\u003ePreventing LDAP Injection 354\u003c\/p\u003e \u003cp\u003eSummary 354\u003c\/p\u003e 
\u003cp\u003eQuestions 354\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10 Attacking Back-End Components 357\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eInjecting OS Commands 358\u003c\/p\u003e \u003cp\u003eExample 1: Injecting Via Perl 358\u003c\/p\u003e \u003cp\u003eExample 2: Injecting Via ASP 360\u003c\/p\u003e \u003cp\u003eInjecting Through Dynamic Execution 362\u003c\/p\u003e \u003cp\u003eFinding OS Command Injection Flaws 363\u003c\/p\u003e \u003cp\u003eFinding Dynamic Execution Vulnerabilities 366\u003c\/p\u003e \u003cp\u003ePreventing OS Command Injection 367\u003c\/p\u003e \u003cp\u003ePreventing Script Injection Vulnerabilities 368\u003c\/p\u003e \u003cp\u003eManipulating File Paths 368\u003c\/p\u003e \u003cp\u003ePath Traversal Vulnerabilities 368\u003c\/p\u003e \u003cp\u003eFile Inclusion Vulnerabilities 381\u003c\/p\u003e \u003cp\u003eInjecting into XML Interpreters 383\u003c\/p\u003e \u003cp\u003eInjecting XML External Entities 384\u003c\/p\u003e \u003cp\u003eInjecting into SOAP Services 386\u003c\/p\u003e \u003cp\u003eFinding and Exploiting SOAP Injection 389\u003c\/p\u003e \u003cp\u003ePreventing SOAP Injection 390\u003c\/p\u003e \u003cp\u003eInjecting into Back-end HTTP Requests 390\u003c\/p\u003e \u003cp\u003eServer-side HTTP Redirection 390\u003c\/p\u003e \u003cp\u003eHTTP Parameter Injection 393\u003c\/p\u003e \u003cp\u003eInjecting into Mail Services 397\u003c\/p\u003e \u003cp\u003eE-mail Header Manipulation 398\u003c\/p\u003e \u003cp\u003eSMTP Command Injection 399\u003c\/p\u003e \u003cp\u003eFinding SMTP Injection Flaws 400\u003c\/p\u003e \u003cp\u003ePreventing SMTP Injection 402\u003c\/p\u003e \u003cp\u003eSummary 402\u003c\/p\u003e \u003cp\u003eQuestions 403\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 11 Attacking Application Logic 405\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Nature of Logic Flaws 406\u003c\/p\u003e \u003cp\u003eReal-World Logic Flaws 406\u003c\/p\u003e \u003cp\u003eExample 1: Asking the Oracle 
407\u003c\/p\u003e \u003cp\u003eExample 2: Fooling a Password Change Function 409\u003c\/p\u003e \u003cp\u003eExample 3: Proceeding to Checkout 410\u003c\/p\u003e \u003cp\u003eExample 4: Rolling Your Own Insurance 412\u003c\/p\u003e \u003cp\u003eExample 5: Breaking the Bank 414\u003c\/p\u003e \u003cp\u003eExample 6: Beating a Business Limit 416\u003c\/p\u003e \u003cp\u003eExample 7: Cheating on Bulk Discounts 418\u003c\/p\u003e \u003cp\u003eExample 8: Escaping from Escaping 419\u003c\/p\u003e \u003cp\u003eExample 9: Invalidating Input Validation 420\u003c\/p\u003e \u003cp\u003eExample 10: Abusing a Search Function 422\u003c\/p\u003e \u003cp\u003eExample 11: Snarfing Debug Messages 424\u003c\/p\u003e \u003cp\u003eExample 12: Racing Against the Login 426\u003c\/p\u003e \u003cp\u003eAvoiding Logic Flaws 428\u003c\/p\u003e \u003cp\u003eSummary 429\u003c\/p\u003e \u003cp\u003eQuestions 430\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 12 Attacking Users: Cross-Site Scripting 431\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eVarieties of XSS 433\u003c\/p\u003e \u003cp\u003eReflected XSS Vulnerabilities 434\u003c\/p\u003e \u003cp\u003eStored XSS Vulnerabilities 438\u003c\/p\u003e \u003cp\u003eDOM-Based XSS Vulnerabilities 440\u003c\/p\u003e \u003cp\u003eXSS Attacks in Action 442\u003c\/p\u003e \u003cp\u003eReal-World XSS Attacks 442\u003c\/p\u003e \u003cp\u003ePayloads for XSS Attacks 443\u003c\/p\u003e \u003cp\u003eDelivery Mechanisms for XSS Attacks 447\u003c\/p\u003e \u003cp\u003eFinding and Exploiting XSS Vulnerabilities 451\u003c\/p\u003e \u003cp\u003eFinding and Exploiting Reflected XSS Vulnerabilities 452\u003c\/p\u003e \u003cp\u003eFinding and Exploiting Stored XSS Vulnerabilities 481\u003c\/p\u003e \u003cp\u003eFinding and Exploiting DOM-Based XSS Vulnerabilities 487\u003c\/p\u003e \u003cp\u003ePreventing XSS Attacks 492\u003c\/p\u003e \u003cp\u003ePreventing Reflected and Stored XSS 492\u003c\/p\u003e \u003cp\u003ePreventing DOM-Based XSS 496\u003c\/p\u003e 
\u003cp\u003eSummary 498\u003c\/p\u003e \u003cp\u003eQuestions 498\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 13 Attacking Users: Other Techniques 501\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eInducing User Actions 501\u003c\/p\u003e \u003cp\u003eRequest Forgery 502\u003c\/p\u003e \u003cp\u003eUI Redress 511\u003c\/p\u003e \u003cp\u003eCapturing Data Cross-Domain 515\u003c\/p\u003e \u003cp\u003eCapturing Data by Injecting HTML 516\u003c\/p\u003e \u003cp\u003eCapturing Data by Injecting CSS 517\u003c\/p\u003e \u003cp\u003eJavaScript Hijacking 519\u003c\/p\u003e \u003cp\u003eThe Same-Origin Policy Revisited 524\u003c\/p\u003e \u003cp\u003eThe Same-Origin Policy and Browser Extensions 525\u003c\/p\u003e \u003cp\u003eThe Same-Origin Policy and HTML 5 528\u003c\/p\u003e \u003cp\u003eCrossing Domains with Proxy Service Applications 529\u003c\/p\u003e \u003cp\u003eOther Client-Side Injection Attacks 531\u003c\/p\u003e \u003cp\u003eHTTP Header Injection 531\u003c\/p\u003e \u003cp\u003eCookie Injection 536\u003c\/p\u003e \u003cp\u003eOpen Redirection Vulnerabilities 540\u003c\/p\u003e \u003cp\u003eClient-Side SQL Injection 547\u003c\/p\u003e \u003cp\u003eClient-Side HTTP Parameter Pollution 548\u003c\/p\u003e \u003cp\u003eLocal Privacy Attacks 550\u003c\/p\u003e \u003cp\u003ePersistent Cookies 550\u003c\/p\u003e \u003cp\u003eCached Web Content 551\u003c\/p\u003e \u003cp\u003eBrowsing History 552\u003c\/p\u003e \u003cp\u003eAutocomplete 552\u003c\/p\u003e \u003cp\u003eFlash Local Shared Objects 553\u003c\/p\u003e \u003cp\u003eSilverlight Isolated Storage 553\u003c\/p\u003e \u003cp\u003eInternet Explorer userData 554\u003c\/p\u003e \u003cp\u003eHTML5 Local Storage Mechanisms 554\u003c\/p\u003e \u003cp\u003ePreventing Local Privacy Attacks 554\u003c\/p\u003e \u003cp\u003eAttacking ActiveX Controls 555\u003c\/p\u003e \u003cp\u003eFinding ActiveX Vulnerabilities 556\u003c\/p\u003e \u003cp\u003ePreventing ActiveX Vulnerabilities 558\u003c\/p\u003e \u003cp\u003eAttacking 
the Browser 559\u003c\/p\u003e \u003cp\u003eLogging Keystrokes 560\u003c\/p\u003e \u003cp\u003eStealing Browser History and Search Queries 560\u003c\/p\u003e \u003cp\u003eEnumerating Currently Used Applications 560\u003c\/p\u003e \u003cp\u003ePort Scanning 561\u003c\/p\u003e \u003cp\u003eAttacking Other Network Hosts 561\u003c\/p\u003e \u003cp\u003eExploiting Non-HTTP Services 562\u003c\/p\u003e \u003cp\u003eExploiting Browser Bugs 563\u003c\/p\u003e \u003cp\u003eDNS Rebinding 563\u003c\/p\u003e \u003cp\u003eBrowser Exploitation Frameworks 564\u003c\/p\u003e \u003cp\u003eMan-in-the-Middle Attacks 566\u003c\/p\u003e \u003cp\u003eSummary 568\u003c\/p\u003e \u003cp\u003eQuestions 568\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 14 Automating Customized Attacks 571\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUses for Customized Automation 572\u003c\/p\u003e \u003cp\u003eEnumerating Valid Identifiers 573\u003c\/p\u003e \u003cp\u003eThe Basic Approach 574\u003c\/p\u003e \u003cp\u003eDetecting Hits 574\u003c\/p\u003e \u003cp\u003eScripting the Attack 576\u003c\/p\u003e \u003cp\u003eJAttack 577\u003c\/p\u003e \u003cp\u003eHarvesting Useful Data 583\u003c\/p\u003e \u003cp\u003eFuzzing for Common Vulnerabilities 586\u003c\/p\u003e \u003cp\u003ePutting It All Together: Burp Intruder 590\u003c\/p\u003e \u003cp\u003eBarriers to Automation 602\u003c\/p\u003e \u003cp\u003eSession-Handling Mechanisms 602\u003c\/p\u003e \u003cp\u003eCAPTCHA Controls 610\u003c\/p\u003e \u003cp\u003eSummary 613\u003c\/p\u003e \u003cp\u003eQuestions 613\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 15 Exploiting Information Disclosure 615\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eExploiting Error Messages 615\u003c\/p\u003e \u003cp\u003eScript Error Messages 616\u003c\/p\u003e \u003cp\u003eStack Traces 617\u003c\/p\u003e \u003cp\u003eInformative Debug Messages 618\u003c\/p\u003e \u003cp\u003eServer and Database Messages 619\u003c\/p\u003e \u003cp\u003eUsing Public Information 623\u003c\/p\u003e 
\u003cp\u003eEngineering Informative Error Messages 624\u003c\/p\u003e \u003cp\u003eGathering Published Information 625\u003c\/p\u003e \u003cp\u003eUsing Inference 626\u003c\/p\u003e \u003cp\u003ePreventing Information Leakage 627\u003c\/p\u003e \u003cp\u003eUse Generic Error Messages 628\u003c\/p\u003e \u003cp\u003eProtect Sensitive Information 628\u003c\/p\u003e \u003cp\u003eMinimize Client-Side Information Leakage 629\u003c\/p\u003e \u003cp\u003eSummary 629\u003c\/p\u003e \u003cp\u003eQuestions 630\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 16 Attacking Native Compiled Applications 633\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBuffer Overflow Vulnerabilities 634\u003c\/p\u003e \u003cp\u003eStack Overflows 634\u003c\/p\u003e \u003cp\u003eHeap Overflows 635\u003c\/p\u003e \u003cp\u003e“Off-by-One” Vulnerabilities 636\u003c\/p\u003e \u003cp\u003eDetecting Buffer Overflow Vulnerabilities 639\u003c\/p\u003e \u003cp\u003eInteger Vulnerabilities 640\u003c\/p\u003e \u003cp\u003eInteger Overflows 640\u003c\/p\u003e \u003cp\u003eSignedness Errors 641\u003c\/p\u003e \u003cp\u003eDetecting Integer Vulnerabilities 642\u003c\/p\u003e \u003cp\u003eFormat String Vulnerabilities 643\u003c\/p\u003e \u003cp\u003eDetecting Format String Vulnerabilities 644\u003c\/p\u003e \u003cp\u003eSummary 645\u003c\/p\u003e \u003cp\u003eQuestions 645\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 17 Attacking Application Architecture 647\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eTiered Architectures 647\u003c\/p\u003e \u003cp\u003eAttacking Tiered Architectures 648\u003c\/p\u003e \u003cp\u003eSecuring Tiered Architectures 654\u003c\/p\u003e \u003cp\u003eShared Hosting and Application Service Providers 656\u003c\/p\u003e \u003cp\u003eVirtual Hosting 657\u003c\/p\u003e \u003cp\u003eShared Application Services 657\u003c\/p\u003e \u003cp\u003eAttacking Shared Environments 658\u003c\/p\u003e \u003cp\u003eSecuring Shared Environments 665\u003c\/p\u003e \u003cp\u003eSummary 
667\u003c\/p\u003e \u003cp\u003eQuestions 667\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 18 Attacking the Application Server 669\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eVulnerable Server Configuration 670\u003c\/p\u003e \u003cp\u003eDefault Credentials 670\u003c\/p\u003e \u003cp\u003eDefault Content 671\u003c\/p\u003e \u003cp\u003eDirectory Listings 677\u003c\/p\u003e \u003cp\u003eWebDAV Methods 679\u003c\/p\u003e \u003cp\u003eThe Application Server as a Proxy 682\u003c\/p\u003e \u003cp\u003eMisconfigured Virtual Hosting 683\u003c\/p\u003e \u003cp\u003eSecuring Web Server Configuration 684\u003c\/p\u003e \u003cp\u003eVulnerable Server Software 684\u003c\/p\u003e \u003cp\u003eApplication Framework Flaws 685\u003c\/p\u003e \u003cp\u003eMemory Management Vulnerabilities 687\u003c\/p\u003e \u003cp\u003eEncoding and Canonicalization 689\u003c\/p\u003e \u003cp\u003eFinding Web Server Flaws 694\u003c\/p\u003e \u003cp\u003eSecuring Web Server Software 695\u003c\/p\u003e \u003cp\u003eWeb Application Firewalls 697\u003c\/p\u003e \u003cp\u003eSummary 699\u003c\/p\u003e \u003cp\u003eQuestions 699\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 19 Finding Vulnerabilities in Source Code 701\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eApproaches to Code Review 702\u003c\/p\u003e \u003cp\u003eBlack-Box Versus White-Box Testing 702\u003c\/p\u003e \u003cp\u003eCode Review Methodology 703\u003c\/p\u003e \u003cp\u003eSignatures of Common Vulnerabilities 704\u003c\/p\u003e \u003cp\u003eCross-Site Scripting 704\u003c\/p\u003e \u003cp\u003eSQL Injection 705\u003c\/p\u003e \u003cp\u003ePath Traversal 706\u003c\/p\u003e \u003cp\u003eArbitrary Redirection 707\u003c\/p\u003e \u003cp\u003eOS Command Injection 708\u003c\/p\u003e \u003cp\u003eBackdoor Passwords 708\u003c\/p\u003e \u003cp\u003eNative Software Bugs 709\u003c\/p\u003e \u003cp\u003eSource Code Comments 710\u003c\/p\u003e \u003cp\u003eThe Java Platform 711\u003c\/p\u003e \u003cp\u003eIdentifying User-Supplied Data 
711\u003c\/p\u003e \u003cp\u003eSession Interaction 712\u003c\/p\u003e \u003cp\u003ePotentially Dangerous APIs 713\u003c\/p\u003e \u003cp\u003eConfiguring the Java Environment 716\u003c\/p\u003e \u003cp\u003eASP.NET 718\u003c\/p\u003e \u003cp\u003eIdentifying User-Supplied Data 718\u003c\/p\u003e \u003cp\u003eSession Interaction 719\u003c\/p\u003e \u003cp\u003ePotentially Dangerous APIs 720\u003c\/p\u003e \u003cp\u003eConfiguring the ASP.NET Environment 723\u003c\/p\u003e \u003cp\u003ePHP 724\u003c\/p\u003e \u003cp\u003eIdentifying User-Supplied Data 724\u003c\/p\u003e \u003cp\u003eSession Interaction 727\u003c\/p\u003e \u003cp\u003ePotentially Dangerous APIs 727\u003c\/p\u003e \u003cp\u003eConfiguring the PHP Environment 732\u003c\/p\u003e \u003cp\u003ePerl 735\u003c\/p\u003e \u003cp\u003eIdentifying User-Supplied Data 735\u003c\/p\u003e \u003cp\u003eSession Interaction 736\u003c\/p\u003e \u003cp\u003ePotentially Dangerous APIs 736\u003c\/p\u003e \u003cp\u003eConfiguring the Perl Environment 739\u003c\/p\u003e \u003cp\u003eJavaScript 740\u003c\/p\u003e \u003cp\u003eDatabase Code Components 741\u003c\/p\u003e \u003cp\u003eSQL Injection 741\u003c\/p\u003e \u003cp\u003eCalls to Dangerous Functions 742\u003c\/p\u003e \u003cp\u003eTools for Code Browsing 743\u003c\/p\u003e \u003cp\u003eSummary 744\u003c\/p\u003e \u003cp\u003eQuestions 744\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 20 A Web Application Hacker’s Toolkit 747\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWeb Browsers 748\u003c\/p\u003e \u003cp\u003eInternet Explorer 748\u003c\/p\u003e \u003cp\u003eFirefox 749\u003c\/p\u003e \u003cp\u003eChrome 750\u003c\/p\u003e \u003cp\u003eIntegrated Testing Suites 751\u003c\/p\u003e \u003cp\u003eHow the Tools Work 751\u003c\/p\u003e \u003cp\u003eTesting Work Flow 769\u003c\/p\u003e \u003cp\u003eAlternatives to the Intercepting Proxy 771\u003c\/p\u003e \u003cp\u003eStandalone Vulnerability Scanners 773\u003c\/p\u003e \u003cp\u003eVulnerabilities Detected by Scanners 
774\u003c\/p\u003e \u003cp\u003eInherent Limitations of Scanners 776\u003c\/p\u003e \u003cp\u003eTechnical Challenges Faced by Scanners 778\u003c\/p\u003e \u003cp\u003eCurrent Products 781\u003c\/p\u003e \u003cp\u003eUsing a Vulnerability Scanner 783\u003c\/p\u003e \u003cp\u003eOther Tools 785\u003c\/p\u003e \u003cp\u003eWikto\/Nikto 785\u003c\/p\u003e \u003cp\u003eFirebug 785\u003c\/p\u003e \u003cp\u003eHydra 785\u003c\/p\u003e \u003cp\u003eCustom Scripts 786\u003c\/p\u003e \u003cp\u003eSummary 789\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 21 A Web Application Hacker’s Methodology 791\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eGeneral Guidelines 793\u003c\/p\u003e \u003cp\u003e1 Map the Application’s Content 795\u003c\/p\u003e \u003cp\u003e2 Analyze the Application 798\u003c\/p\u003e \u003cp\u003e3 Test Client-Side Controls 800\u003c\/p\u003e \u003cp\u003e4 Test the Authentication Mechanism 805\u003c\/p\u003e \u003cp\u003e5 Test the Session Management Mechanism 814\u003c\/p\u003e \u003cp\u003e6 Test Access Controls 821\u003c\/p\u003e \u003cp\u003e7 Test for Input-Based Vulnerabilities 824\u003c\/p\u003e \u003cp\u003e8 Test for Function-Specific Input Vulnerabilities 836\u003c\/p\u003e \u003cp\u003e9 Test for Logic Flaws 842\u003c\/p\u003e \u003cp\u003e10 Test for Shared Hosting Vulnerabilities 845\u003c\/p\u003e \u003cp\u003e11 Test for Application Server Vulnerabilities 846\u003c\/p\u003e \u003cp\u003e12 Miscellaneous Checks 849\u003c\/p\u003e \u003cp\u003e13 Follow Up Any Information Leakage 852\u003c\/p\u003e \u003cp\u003eIndex 853\u003c\/p\u003e","brand":"John Wiley \u0026 Sons Inc","offers":[{"title":"Default Title","offer_id":49406822580567,"sku":"9781118026472","price":36.8,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781118026472.jpg?v=1730497233","url":"https:\/\/bookcurl.com\/products\/the-web-application-hackers-handbook-9781118026472","provider":"Book 
Curl","version":"1.0","type":"link"}