The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws 9780470170779, 0470170778

This book is a practical guide to discovering and exploiting security flaws in web applications. The authors explain eac

371 17 6MB

English Pages 722 [771] Year 2007

Report DMCA / Copyright

DOWNLOAD PDF FILE

Table of contents :
The Web Application Hacker’s Handbook......Page 4
About the Authors......Page 6
Credits......Page 7
Contents......Page 8
Acknowledgments......Page 26
Overview of This Book......Page 28
How This Book Is Organized......Page 29
What's on the Web Site......Page 34
Bring It On......Page 35
Chapter 1: Web Application (In)security......Page 36
The Evolution of Web Applications......Page 37
Web Application Security......Page 40
Chapter Summary......Page 48
Chapter 2: Core Defense Mechanisms......Page 50
Handling User Access......Page 51
Handling User Input......Page 54
Handling Attackers......Page 62
Managing the Application......Page 67
Chapter Summary......Page 68
Questions......Page 69
The HTTP Protocol......Page 70
Web Functionality......Page 82
Encoding Schemes......Page 91
Questions......Page 94
Chapter 4: Mapping the Application......Page 96
Enumerating Content and Functionality......Page 97
Analyzing the Application......Page 114
Chapter Summary......Page 127
Questions......Page 128
Transmitting Data via the Client......Page 130
Capturing User Data: HTML Forms......Page 141
Capturing User Data: Thick-Client Components......Page 146
Handling Client-Side Data Securely......Page 163
Chapter Summary......Page 166
Questions......Page 167
Chapter 6: Attacking Authentication......Page 168
Authentication Technologies......Page 169
Design Flaws in Authentication Mechanisms......Page 170
Implementation Flaws in Authentication......Page 191
Securing Authentication......Page 197
Chapter Summary......Page 207
Questions......Page 208
Chapter 7: Attacking Session Management......Page 210
The Need for State......Page 211
Weaknesses in Session Token Generation......Page 215
Weaknesses in Session Token Handling......Page 226
Securing Session Management......Page 241
Chapter Summary......Page 248
Questions......Page 249
Chapter 8: Attacking Access Controls......Page 252
Common Vulnerabilities......Page 253
Attacking Access Controls......Page 259
Securing Access Controls......Page 263
Chapter Summary......Page 269
Questions......Page 270
Chapter 9: Injecting Code......Page 272
Injecting into Interpreted Languages......Page 273
Injecting into SQL......Page 275
Injecting OS Commands......Page 335
Injecting into Web Scripting Languages......Page 342
Injecting into SOAP......Page 348
Injecting into XPath......Page 351
Injecting into SMTP......Page 356
Injecting into LDAP......Page 361
Questions......Page 366
Common Vulnerabilities......Page 368
Finding and Exploiting Path Traversal Vulnerabilities......Page 370
Preventing Path Traversal Vulnerabilities......Page 379
Questions......Page 381
Chapter 11: Attacking Application Logic......Page 384
Real-World Logic Flaws......Page 385
Avoiding Logic Flaws......Page 405
Questions......Page 407
Chapter 12: Attacking Other Users......Page 410
Cross-Site Scripting......Page 411
Redirection Attacks......Page 463
HTTP Header Injection......Page 469
Frame Injection......Page 473
Request Forgery......Page 475
JSON Hijacking......Page 481
Session Fixation......Page 485
Attacking ActiveX Controls......Page 489
Local Privacy Attacks......Page 493
Advanced Exploitation Techniques......Page 496
Questions......Page 504
Chapter 13: Automating Bespoke Attacks......Page 506
Uses for Bespoke Automation......Page 507
Enumerating Valid Identifiers......Page 508
Harvesting Useful Data......Page 519
Fuzzing for Common Vulnerabilities......Page 522
Putting It All Together: Burp Intruder......Page 526
Questions......Page 537
Exploiting Error Messages......Page 540
Gathering Published Information......Page 548
Using Inference......Page 549
Preventing Information Leakage......Page 551
Questions......Page 553
Chapter 15: Attacking Compiled Applications......Page 556
Buffer Overflow Vulnerabilities......Page 557
Integer Vulnerabilities......Page 564
Format String Vulnerabilities......Page 566
Chapter Summary......Page 568
Questions......Page 569
Tiered Architectures......Page 570
Shared Hosting and Application Service Providers......Page 577
Questions......Page 586
Vulnerable Web Server Configuration......Page 588
Vulnerable Web Server Software......Page 601
Questions......Page 609
Chapter 18: Finding Vulnerabilities in Source Code......Page 612
Approaches to Code Review......Page 613
Signatures of Common Vulnerabilities......Page 615
The Java Platform......Page 622
ASP.NET......Page 629
PHP......Page 636
Perl......Page 646
JavaScript......Page 651
Database Code Components......Page 652
Tools for Code Browsing......Page 654
Chapter Summary......Page 655
Questions......Page 656
Chapter 19: A Web Application Hacker’s Toolkit......Page 658
Web Browsers......Page 659
Integrated Testing Suites......Page 662
Vulnerability Scanners......Page 684
Other Tools......Page 694
Chapter Summary......Page 699
Chapter 20: A Web Application Hacker’s Methodology......Page 700
General Guidelines......Page 702
1. Map the Application’s Content......Page 704
2. Analyze the Application......Page 707
3. Test Client-Side Controls......Page 710
4. Test the Authentication Mechanism......Page 714
5. Test the Session Management Mechanism......Page 723
6. Test Access Controls......Page 731
7. Test for Input-Based Vulnerabilities......Page 734
8. Test for Function-Specific Input Vulnerabilities......Page 747
9. Test for Logic Flaws......Page 752
10. Test for Shared Hosting Vulnerabilities......Page 755
11. Test for Web Server Vulnerabilities......Page 756
12. Miscellaneous Checks......Page 759
Index......Page 764

The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
 9780470170779, 0470170778

  • 0 0 0
  • Like this paper and download? You can publish your own PDF file online for free in a few minutes! Sign Up
File loading please wait...
Recommend Papers