How to break Web software: functional and security testing of Web applications and Web services [8. print ed.] 0321369440, 9780321369444

Since its early days as an information exchange tool limited to academe, researchers, and the military, the web has grow

189 70 7MB

English Pages XV, 219 Seiten: Illustrationen + 1 CD-ROM (12 cm) [240] Year 2006;2010

Report DMCA / Copyright

DOWNLOAD PDF FILE

Table of contents :
Cover......Page 1
Table of Contents......Page 14
Preface......Page 8
Acknowledgments......Page 10
About the Authors......Page 12
Introduction......Page 18
The World Wide Web......Page 19
The Price of Web Utopia......Page 22
The Web Versus Client-Server......Page 23
The Web Client......Page 26
The Network......Page 27
Introduction......Page 28
Attack 1 Panning for Gold......Page 29
Attack 2 Guessing Files and Directories......Page 37
Attack 3 Holes Left by Other People—Vulnerabilities in Sample Applications......Page 43
Introduction......Page 46
Attack 4 Bypass Restrictions on Input Choices......Page 47
Attack 5 Bypass Client-Side Validation......Page 52
Introduction......Page 58
Attack 6 Hidden Fields......Page 59
Attack 7 CGI Parameters......Page 63
Attack 8 Cookie Poisoning......Page 68
Attack 9 URL Jumping......Page 72
Attack 10 Session Hijacking......Page 76
Introduction......Page 82
Attack 11 Cross-Site Scripting......Page 83
Attack 12 SQL Injection......Page 91
Attack 13 Directory Traversal......Page 96
Introduction......Page 102
Attack 14 Buffer Overflows......Page 103
Attack 15 Canonicalization......Page 107
Attack 16 NULL-String Attacks......Page 112
Introduction......Page 116
Attack 17 SQL Injection II—Stored Procedures......Page 117
Attack 18 Command Injection......Page 120
Attack 19 Fingerprinting the Server......Page 123
Attack 20 Denial of Service......Page 129
Introduction......Page 132
Attack 21 Fake Cryptography......Page 133
Attack 22 Breaking Authentication......Page 137
Attack 23 Cross-Site Tracing......Page 142
Attack 24 Forcing Weak Cryptography......Page 146
Introduction......Page 152
User Agents......Page 153
Referrer......Page 156
Cookies......Page 157
Clipboard Access......Page 159
Caching Pages......Page 161
Browser Helper Objects......Page 163
What Are Web Services?......Page 166
XML......Page 167
SOAP......Page 168
WSDL......Page 169
WSDL Scanning Attack......Page 170
XPATH Injection Attack......Page 172
Recursive Payload Attack......Page 173
External Entity Attack......Page 174
Appendix A: Fifty Years of Software: Key Principles for Quality......Page 176
1950 to 1959: Genesis......Page 177
1960 to 1969: Exodus......Page 178
1970 to 1979: Chaos......Page 179
CASE Tools......Page 180
Formal Methods......Page 181
1990 to 1999: Process......Page 182
2000 to 2009: Engineering?......Page 184
Appendix B: Flowershop Bugs......Page 188
TextPad......Page 196
Nikto......Page 197
Wikto......Page 200
Stunnel......Page 206
BlackWidow......Page 207
Wget......Page 210
cURL......Page 212
Paros......Page 215
SPIKE Proxy......Page 217
SSLDigger......Page 221
The Human Brain......Page 222
A......Page 224
B......Page 225
C......Page 226
D......Page 227
F......Page 228
I-J......Page 229
N......Page 230
P......Page 231
S......Page 232
U......Page 234
W......Page 235
X......Page 236

How to break Web software: functional and security testing of Web applications and Web services [8. print ed.]
 0321369440, 9780321369444

  • 0 0 0
  • Like this paper and download? You can publish your own PDF file online for free in a few minutes! Sign Up
File loading please wait...
Recommend Papers