Web application vulnerabilities detect, exploit, prevent

This book is about Web Application Hacking. The world-renowned authors teach the reader to use publicly available tools to conduct thorough assessments of web applications. This assessment process provides the reader with an understanding of Web application vulnerabilities and how they are exploited...


Bibliographic Details
Other Authors: Cross, Michael, 1965-
Format: Electronic book
Language: English
Published: Burlington, MA : Syngress Pub c2007.
Edition: 1st edition
Subjects:
View at Biblioteca Universitat Ramon Llull: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009627372806719
Table of Contents:
  • Front Cover; Web Application Vulnerabilities Detect, Exploit, Prevent; Copyright Page; Contributing Authors; Contents; Chapter 1 : Introduction to Web Application Hacking; Introduction; Web Application Architecture Components; The Web Server; The Application Content; The Data Store; Complex Web Application Software Components; Login; Session Tracking Mechanism; User Permissions Enforcement; Role Level Enforcement; Data Access; Application Logic; Logout; Putting it all Together; The Web Application Hacking Methodology; Define the Scope of the Engagement; Before Beginning the Actual Assessment
  • Open Source Intelligence Scanning; Default Material Scanning; Base Line the Application; Fuzzing; Exploiting/Validating Vulnerabilities; Reporting; The History of Web Application Hacking and the Evolution of Tools; Example 1: Manipulating the URL Directly (GET Method Form Submittal); Example 2: The POST Method; Example 3: Man in the Middle Sockets; The Graphical User Interface Man in the Middle Proxy; Common (or Known) Vulnerability Scanners; Spiders and other Crawlers; Automated Fuzzers; All in One and Multi Function Tools; OWASP's WebScarab Demonstration; Starting WebScarab
  • Next: Create a new session; Next: Ensure the Proxy Service is Listening; Next, Configure Your Web Browser; Next, Configure WebScarab to Intercept Requests; Next, Bring up the Summary Tab; Web Application Hacking Tool List; Security E-Mail Lists; Summary; Chapter 2 : Information Gathering Techniques; Introduction; The Principles of Automating Searches; The Original Search Term; Expanding Search Terms; E-mail Addresses; Telephone Numbers; People; Getting Lots of Results; More Combinations; Using "Special" Operators; Getting the Data From the Source
  • Scraping it Yourself - Requesting and Receiving Responses; Scraping it Yourself - The Butcher Shop; Dapper; Aura/EvilAPI; Using Other Search Engines; Parsing the Data; Parsing E-mail Addresses; Domains and Sub-domains; Telephone Numbers; Post Processing; Sorting Results by Relevance; Beyond Snippets; Presenting Results; Applications of Data Mining; Mildly Amusing; Most Interesting; Taking It One Step Further; Collecting Search Terms; On the Web; Spying on Your Own; Search Terms; Gmail; Honey Words; Referrals; Summary; Chapter 3 : Introduction to Server Side Input Validation Issues; Introduction
  • Cross Site Scripting (XSS); Presenting False Information; How this Example Works; Presenting a False Form; Exploiting Browser Based Vulnerabilities; Exploit Client/Server Trust Relationships; Chapter 4 : Client-Side Exploit Frameworks; Introduction; AttackAPI; Enumerating the Client; Attacking Networks; Hijacking the Browser; Controlling Zombies; BeEF; Installing and Configuring BeEF; Controlling Zombies; BeEF Modules; Standard Browser Exploits; Port Scanning with BeEF; Inter-protocol Exploitation and Communication with BeEF; CAL9000; XSS Attacks, Cheat Sheets, and Checklists
  • Encoder, Decoders, and Miscellaneous Tools