Stuttard flast.indd V2 - 08/10/2011 Page xxii
flast.indd xxii
8/19/2011 12:23:07 PM
The Web Application
Hacker’s Handbook
Second Edition
Finding and Exploiting Security Flaws
Dafydd Stuttard
Marcus Pinto
The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws, Second Edition
Published by
John Wiley & Sons, Inc.
10475 Crosspoint Boulevard
Indianapolis, IN 46256
www.wiley.com
Copyright © 2011 by Dafydd Stuttard and Marcus Pinto
Published by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-118-02647-2
ISBN: 978-1-118-17522-4 (ebk)
ISBN: 978-1-118-17524-8 (ebk)
ISBN: 978-1-118-17523-1 (ebk)
Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or
by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted
under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright
Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the
Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111
River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all
warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be
created or extended by sales or promotional materials. The advice and strategies contained herein may not
be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in
rendering legal, accounting, or other professional services. If professional assistance is required, the services
of a competent professional person should be sought. Neither the publisher nor the author shall be liable for
damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation
and/or a potential source of further information does not mean that the author or the publisher endorses
the information the organization or website may provide or recommendations it may make. Further, readers
should be aware that Internet websites listed in this work may have changed or disappeared between when
this work was written and when it is read.
For general information on our other products and services please contact our Customer Care Department
within the United States at (877) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.
Wiley also publishes its books in a variety of electronic formats and by print-on-demand. Not all content
that is available in standard print versions of this book may appear or be packaged in all book formats. If
you have purchased a version of this book that did not include media that is referenced by or accompanies
a standard print version, you may request this media by visiting http://booksupport.wiley.com. For more information about Wiley products, visit us at www.wiley.com.
Library of Congress Control Number: 2011934639
Trademarks: Wiley and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc.
and/or its affiliates, in the United States and other countries, and may not be used without written permission.
All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated
with any product or vendor mentioned in this book.
About the Authors
Dafydd Stuttard is an independent security consultant, author, and software
developer. With more than 10 years of experience in security consulting, he
specializes in the penetration testing of web applications and compiled software. Dafydd has worked with numerous banks, retailers, and other enterprises
to help secure their web applications. He also has provided security consulting to
several software manufacturers and governments to help secure their compiled
software. Dafydd is an accomplished programmer in several languages. His
interests include developing tools to facilitate all kinds of software security
testing. Under the alias “PortSwigger,” Dafydd created the popular Burp Suite
of web application hacking tools; he continues to work actively on Burp’s development. Dafydd is also cofounder of MDSec, a company providing training and
consultancy on Internet security attack and defense. Dafydd has developed and
presented training courses at various security conferences around the world,
and he regularly delivers training to companies and governments. He holds
master’s and doctorate degrees in philosophy from the University of Oxford.
Marcus Pinto is cofounder of MDSec, developing and delivering training
courses in web application security. He also performs ongoing security consultancy for financial, government, telecom, and retail verticals. His 11 years
of experience in the industry have been dominated by the technical aspects of
application security, from the dual perspectives of a consulting and end-user
implementation role. Marcus has a background in attack-based security assessment and penetration testing. He has worked extensively with large-scale web
application deployments in the financial services industry. Marcus has been
developing and presenting database and web application training courses since
2005 at Black Hat and other worldwide security conferences, and for private-sector and government clients. He holds a master’s degree in physics from the
University of Cambridge.
About the Technical Editor
Dr. Josh Pauli received his Ph.D. in Software Engineering from North Dakota
State University (NDSU) with an emphasis in secure requirements engineering
and now serves as an Associate Professor of Information Security at Dakota
State University (DSU). Dr. Pauli has published nearly 20 international journal and conference papers related to software security and his work includes
invited presentations from the Department of Homeland Security and Black
Hat Briefings. He teaches both undergraduate and graduate courses in system
software security and web software security at DSU. Dr. Pauli also conducts web
application penetration tests as a Senior Penetration Tester for an Information
Security consulting firm where his duties include developing hands-on technical workshops in the area of web software security for IT professionals in the
financial sector.
MDSec: The Authors’ Company
Dafydd and Marcus are cofounders of MDSec, a company that provides training
in attack and defense-based security, along with other consultancy services. If
while reading this book you would like to put the concepts into practice, and
gain hands-on experience in the areas covered, you are encouraged to visit our
website, http://mdsec.net. This will give you access to hundreds of interactive
vulnerability labs and other resources that are referenced throughout the book.
Credits
Executive Editor: Carol Long
Senior Project Editor: Adaobi Obi Tulton
Technical Editor: Josh Pauli
Production Editor: Kathleen Wisor
Copy Editor: Gayle Johnson
Editorial Manager: Mary Beth Wakefield
Freelancer Editorial Manager: Rosemarie Graham
Associate Director of Marketing: David Mayhew
Marketing Manager: Ashley Zurcher
Business Manager: Amy Knies
Production Manager: Tim Tate
Vice President and Executive Group Publisher: Richard Swadley
Vice President and Executive Publisher: Neil Edde
Associate Publisher: Jim Minatel
Project Coordinator, Cover: Katie Crocker
Proofreaders: Sarah Kaikini, Word One; Sheilah Ledwidge, Word One
Indexer: Robert Swanson
Cover Designer: Ryan Sneed
Cover Image: Wiley InHouse Design
Vertical Websites Project Manager: Laura Moss-Hollister
Vertical Websites Assistant Project Manager: Jenny Swisher
Vertical Websites Associate Producers: Josh Frank, Shawn Patrick, Doug Kuhn, Marilyn Hummel
Acknowledgments
We are indebted to the directors and others at Next Generation Security Software,
who provided the right environment for us to realize the first edition of this
book. Since then, our input has come from an increasingly wider community
of researchers and professionals who have shared their ideas and contributed
to the collective understanding of web application security issues that exists
today. Because this is a practical handbook rather than a work of scholarship,
we have deliberately avoided filling it with a thousand citations of influential
articles, books, and blog postings that spawned the ideas involved. We hope
that people whose work we discuss anonymously are content with the general
credit given here.
We are grateful to the people at Wiley — in particular, to Carol Long for
enthusiastically supporting our project from the outset, to Adaobi Obi Tulton
for helping polish our manuscript and coaching us in the quirks of “American
English,” to Gayle Johnson for her very helpful and attentive copy editing, and
to Katie Wisor’s team for delivering a first-rate production.
A large measure of thanks is due to our respective partners, Becky and Amanda,
for tolerating the significant distraction and time involved in producing a book
of this size.
Both authors are indebted to the people who led us into our unusual line
of work. Dafydd would like to thank Martin Law. Martin is a great guy who
first taught me how to hack and encouraged me to spend my time developing
techniques and tools for attacking applications. Marcus would like to thank his
parents for everything they have done and continue to do, including getting me
into computers. I’ve been getting into computers ever since.
Contents at a Glance
Introduction xxiii
Chapter 1 Web Application (In)security 1
Chapter 2 Core Defense Mechanisms 17
Chapter 3 Web Application Technologies 39
Chapter 4 Mapping the Application 73
Chapter 5 Bypassing Client-Side Controls 117
Chapter 6 Attacking Authentication 159
Chapter 7 Attacking Session Management 205
Chapter 8 Attacking Access Controls 257
Chapter 9 Attacking Data Stores 287
Chapter 10 Attacking Back-End Components 357
Chapter 11 Attacking Application Logic 405
Chapter 12 Attacking Users: Cross-Site Scripting 431
Chapter 13 Attacking Users: Other Techniques 501
Chapter 14 Automating Customized Attacks 571
Chapter 15 Exploiting Information Disclosure 615
Chapter 16 Attacking Native Compiled Applications 633
Chapter 17 Attacking Application Architecture 647
Chapter 18 Attacking the Application Server 669
Chapter 19 Finding Vulnerabilities in Source Code 701
Chapter 20 A Web Application Hacker’s Toolkit 747
Chapter 21 A Web Application Hacker’s Methodology 791
Index 853
Contents
Introduction xxiii
Chapter 1 Web Application (In)security 1
  The Evolution of Web Applications 2
  Common Web Application Functions 4
  Benefits of Web Applications 5
  Web Application Security 6
  “This Site Is Secure” 7
  The Core Security Problem: Users Can Submit Arbitrary Input 9
  Key Problem Factors 10
  The New Security Perimeter 12
  The Future of Web Application Security 14
  Summary 15
Chapter 2 Core Defense Mechanisms 17
  Handling User Access 18
  Authentication 18
  Session Management 19
  Access Control 20
  Handling User Input 21
  Varieties of Input 21
  Approaches to Input Handling 23
  Boundary Validation 25
  Multistep Validation and Canonicalization 28
  Handling Attackers 30
  Handling Errors 30
  Maintaining Audit Logs 31
  Alerting Administrators 33
  Reacting to Attacks 34
  Managing the Application 35
  Summary 36
  Questions 36
Chapter 3 Web Application Technologies 39
  The HTTP Protocol 39
  HTTP Requests 40
  HTTP Responses 41
  HTTP Methods 42
  URLs 44
  REST 44
  HTTP Headers 45
  Cookies 47
  Status Codes 48
  HTTPS 49
  HTTP Proxies 49
  HTTP Authentication 50
  Web Functionality 51
  Server-Side Functionality 51
  Client-Side Functionality 57
  State and Sessions 66
  Encoding Schemes 66
  URL Encoding 67
  Unicode Encoding 67
  HTML Encoding 68
  Base64 Encoding 69
  Hex Encoding 69
  Remoting and Serialization Frameworks 70
  Next Steps 70
  Questions 71
Chapter 4 Mapping the Application 73
  Enumerating Content and Functionality 74
  Web Spidering 74
  User-Directed Spidering 77
  Discovering Hidden Content 80
  Application Pages Versus Functional Paths 93
  Discovering Hidden Parameters 96
  Analyzing the Application 97
  Identifying Entry Points for User Input 98
  Identifying Server-Side Technologies 101
  Identifying Server-Side Functionality 107
  Mapping the Attack Surface 111
  Summary 114
  Questions 114
Chapter 5 Bypassing Client-Side Controls 117
  Transmitting Data Via the Client 118
  Hidden Form Fields 118
  HTTP Cookies 121
  URL Parameters 121
  The Referer Header 122
  Opaque Data 123
  The ASP.NET ViewState 124
  Capturing User Data: HTML Forms 127
  Length Limits 128
  Script-Based Validation 129
  Disabled Elements 131
  Capturing User Data: Browser Extensions 133
  Common Browser Extension Technologies 134
  Approaches to Browser Extensions 135
  Intercepting Traffic from Browser Extensions 135
  Decompiling Browser Extensions 139
  Attaching a Debugger 151
  Native Client Components 153
  Handling Client-Side Data Securely 154
  Transmitting Data Via the Client 154
  Validating Client-Generated Data 155
  Logging and Alerting 156
  Summary 156
  Questions 157
Chapter 6 Attacking Authentication 159
  Authentication Technologies 160
  Design Flaws in Authentication Mechanisms 161
  Bad Passwords 161
  Brute-Forcible Login 162
  Verbose Failure Messages 166
  Vulnerable Transmission of Credentials 169
  Password Change Functionality 171
  Forgotten Password Functionality 173
  “Remember Me” Functionality 176
  User Impersonation Functionality 178
  Incomplete Validation of Credentials 180
  Nonunique Usernames 181
  Predictable Usernames 182
  Predictable Initial Passwords 183
  Insecure Distribution of Credentials 184
  Implementation Flaws in Authentication 185
  Fail-Open Login Mechanisms 185
  Defects in Multistage Login Mechanisms 186
  Insecure Storage of Credentials 190
  Securing Authentication 191
  Use Strong Credentials 192
  Handle Credentials Secretively 192
  Validate Credentials Properly 193
  Prevent Information Leakage 195
  Prevent Brute-Force Attacks 196
  Prevent Misuse of the Password Change Function 199
  Prevent Misuse of the Account Recovery Function 199
  Log, Monitor, and Notify 201
  Summary 201
  Questions 202
Chapter 7 Attacking Session Management 205
  The Need for State 206
  Alternatives to Sessions 208
  Weaknesses in Token Generation 210
  Meaningful Tokens 210
  Predictable Tokens 213
  Encrypted Tokens 223
  Weaknesses in Session Token Handling 233
  Disclosure of Tokens on the Network 234
  Disclosure of Tokens in Logs 237
  Vulnerable Mapping of Tokens to Sessions 240
  Vulnerable Session Termination 241
  Client Exposure to Token Hijacking 243
  Liberal Cookie Scope 244
  Securing Session Management 248
  Generate Strong Tokens 248
  Protect Tokens Throughout Their Life Cycle 250
  Log, Monitor, and Alert 253
  Summary 254
  Questions 255
Chapter 8 Attacking Access Controls 257
  Common Vulnerabilities 258
  Completely Unprotected Functionality 259
  Identifier-Based Functions 261
  Multistage Functions 262
  Static Files 263
  Platform Misconfiguration 264
  Insecure Access Control Methods 265
  Attacking Access Controls 266
  Testing with Different User Accounts 267
  Testing Multistage Processes 271
  Testing with Limited Access 273
  Testing Direct Access to Methods 276
  Testing Controls Over Static Resources 277
  Testing Restrictions on HTTP Methods 278
  Securing Access Controls 278
  A Multilayered Privilege Model 280
  Summary 284
  Questions 284
Chapter 9 Attacking Data Stores 287
  Injecting into Interpreted Contexts 288
  Bypassing a Login 288
  Injecting into SQL 291
  Exploiting a Basic Vulnerability 292
  Injecting into Different Statement Types 294
  Finding SQL Injection Bugs 298
  Fingerprinting the Database 303
  The UNION Operator 304
  Extracting Useful Data 308
  Extracting Data with UNION 308
  Bypassing Filters 311
  Second-Order SQL Injection 313
  Advanced Exploitation 314
  Beyond SQL Injection: Escalating the Database Attack 325
  Using SQL Exploitation Tools 328
  SQL Syntax and Error Reference 332
  Preventing SQL Injection 338
  Injecting into NoSQL 342
  Injecting into MongoDB 343
  Injecting into XPath 344
  Subverting Application Logic 345
  Informed XPath Injection 346
  Blind XPath Injection 347
  Finding XPath Injection Flaws 348
  Preventing XPath Injection 349
  Injecting into LDAP 349
  Exploiting LDAP Injection 351
  Finding LDAP Injection Flaws 353
  Preventing LDAP Injection 354
  Summary 354
  Questions 354
Chapter 10 Attacking Back-End Components 357
  Injecting OS Commands 358
  Example 1: Injecting Via Perl 358
  Example 2: Injecting Via ASP 360
  Injecting Through Dynamic Execution 362
  Finding OS Command Injection Flaws 363
  Finding Dynamic Execution Vulnerabilities 366
  Preventing OS Command Injection 367
  Preventing Script Injection Vulnerabilities 368
  Manipulating File Paths 368
  Path Traversal Vulnerabilities 368
  File Inclusion Vulnerabilities 381
  Injecting into XML Interpreters 383
  Injecting XML External Entities 384
  Injecting into SOAP Services 386
  Finding and Exploiting SOAP Injection 389
  Preventing SOAP Injection 390
  Injecting into Back-end HTTP Requests 390
  Server-side HTTP Redirection 390
  HTTP Parameter Injection 393
  Injecting into Mail Services 397
  E-mail Header Manipulation 398
  SMTP Command Injection 399
  Finding SMTP Injection Flaws 400
  Preventing SMTP Injection 402
  Summary 402
  Questions 403
Chapter 11 Attacking Application Logic 405
  The Nature of Logic Flaws 406
  Real-World Logic Flaws 406
  Example 1: Asking the Oracle 407
  Example 2: Fooling a Password Change Function 409
  Example 3: Proceeding to Checkout 410
  Example 4: Rolling Your Own Insurance 412
  Example 5: Breaking the Bank 414
  Example 6: Beating a Business Limit 416
  Example 7: Cheating on Bulk Discounts 418
  Example 8: Escaping from Escaping 419
  Example 9: Invalidating Input Validation 420
  Example 10: Abusing a Search Function 422
  Example 11: Snarfing Debug Messages 424
  Example 12: Racing Against the Login 426
  Avoiding Logic Flaws 428
  Summary 429
  Questions 430
Chapter 12 Attacking Users: Cross-Site Scripting 431
  Varieties of XSS 433
  Reflected XSS Vulnerabilities 434
  Stored XSS Vulnerabilities 438
  DOM-Based XSS Vulnerabilities 440
  XSS Attacks in Action 442
  Real-World XSS Attacks 442
  Payloads for XSS Attacks 443
  Delivery Mechanisms for XSS Attacks 447
  Finding and Exploiting XSS Vulnerabilities 451
  Finding and Exploiting Reflected XSS Vulnerabilities 452
  Finding and Exploiting Stored XSS Vulnerabilities 481
  Finding and Exploiting DOM-Based XSS Vulnerabilities 487
  Preventing XSS Attacks 492
  Preventing Reflected and Stored XSS 492
  Preventing DOM-Based XSS 496
  Summary 498
  Questions 498
Chapter 13 Attacking Users: Other Techniques 501
  Inducing User Actions 501
  Request Forgery 502
  UI Redress 511
  Capturing Data Cross-Domain 515
  Capturing Data by Injecting HTML 516
  Capturing Data by Injecting CSS 517
  JavaScript Hijacking 519
  The Same-Origin Policy Revisited 524
  The Same-Origin Policy and Browser Extensions 525
  The Same-Origin Policy and HTML5 528
  Crossing Domains with Proxy Service Applications 529
  Other Client-Side Injection Attacks 531
  HTTP Header Injection 531
  Cookie Injection 536
  Open Redirection Vulnerabilities 540
  Client-Side SQL Injection 547
  Client-Side HTTP Parameter Pollution 548
  Local Privacy Attacks 550
  Persistent Cookies 550
  Cached Web Content 551
  Browsing History 552
  Autocomplete 552
  Flash Local Shared Objects 553
  Silverlight Isolated Storage 553
  Internet Explorer userData 554
  HTML5 Local Storage Mechanisms 554
  Preventing Local Privacy Attacks 554
  Attacking ActiveX Controls 555
  Finding ActiveX Vulnerabilities 556
  Preventing ActiveX Vulnerabilities 558
  Attacking the Browser 559
  Logging Keystrokes 560
  Stealing Browser History and Search Queries 560
  Enumerating Currently Used Applications 560
  Port Scanning 561
  Attacking Other Network Hosts 561
  Exploiting Non-HTTP Services 562
  Exploiting Browser Bugs 563
  DNS Rebinding 563
  Browser Exploitation Frameworks 564
  Man-in-the-Middle Attacks 566
  Summary 568
  Questions 568
Chapter 14 Automating Customized Attacks 571
  Uses for Customized Automation 572
  Enumerating Valid Identifiers 573
  The Basic Approach 574
  Detecting Hits 574
  Scripting the Attack 576
  JAttack 577
  Harvesting Useful Data 583
  Fuzzing for Common Vulnerabilities 586
  Putting It All Together: Burp Intruder 590
  Barriers to Automation 602
  Session-Handling Mechanisms 602
  CAPTCHA Controls 610
  Summary 613
  Questions 613
Chapter 15 Exploiting Information Disclosure 615
  Exploiting Error Messages 615
  Script Error Messages 616
  Stack Traces 617
  Informative Debug Messages 618
  Server and Database Messages 619
  Using Public Information 623
  Engineering Informative Error Messages 624
  Gathering Published Information 625
  Using Inference 626
  Preventing Information Leakage 627
  Use Generic Error Messages 628
  Protect Sensitive Information 628
  Minimize Client-Side Information Leakage 629
  Summary 629
  Questions 630
Chapter 16 Attacking Native Compiled Applications 633
  Buffer Overflow Vulnerabilities 634
  Stack Overflows 634
  Heap Overflows 635
  “Off-by-One” Vulnerabilities 636
  Detecting Buffer Overflow Vulnerabilities 639
  Integer Vulnerabilities 640
  Integer Overflows 640
  Signedness Errors 641
  Detecting Integer Vulnerabilities 642
  Format String Vulnerabilities 643
  Detecting Format String Vulnerabilities 644
  Summary 645
  Questions 645
Chapter 17 Attacking Application Architecture 647
  Tiered Architectures 647
  Attacking Tiered Architectures 648
  Securing Tiered Architectures 654
  Shared Hosting and Application Service Providers 656
  Virtual Hosting 657
  Shared Application Services 657
  Attacking Shared Environments 658
  Securing Shared Environments 665
  Summary 667
  Questions 667
Chapter 18 Attacking the Application Server 669
  Vulnerable Server Configuration 670
  Default Credentials 670
  Default Content 671
  Directory Listings 677
  WebDAV Methods 679
  The Application Server as a Proxy 682
  Misconfigured Virtual Hosting 683
  Securing Web Server Configuration 684
  Vulnerable Server Software 684
  Application Framework Flaws 685
  Memory Management Vulnerabilities 687
  Encoding and Canonicalization 689
  Finding Web Server Flaws 694
  Securing Web Server Software 695
  Web Application Firewalls 697
  Summary 699
  Questions 699
Chapter 19 Finding Vulnerabilities in Source Code 701
  Approaches to Code Review 702
  Black-Box Versus White-Box Testing 702
  Code Review Methodology 703
  Signatures of Common Vulnerabilities 704
  Cross-Site Scripting 704
  SQL Injection 705
  Path Traversal 706
  Arbitrary Redirection 707
  OS Command Injection 708
  Backdoor Passwords 708
  Native Software Bugs 709
  Source Code Comments 710
  The Java Platform 711
  Identifying User-Supplied Data 711
  Session Interaction 712
  Potentially Dangerous APIs 713
  Configuring the Java Environment 716
  ASP.NET 718
  Identifying User-Supplied Data 718
  Session Interaction 719
  Potentially Dangerous APIs 720
  Configuring the ASP.NET Environment 723
  PHP 724
  Identifying User-Supplied Data 724
  Session Interaction 727
  Potentially Dangerous APIs 727
  Configuring the PHP Environment 732
  Perl 735
  Identifying User-Supplied Data 735
  Session Interaction 736
  Potentially Dangerous APIs 736
  Configuring the Perl Environment 739
  JavaScript 740
  Database Code Components 741
  SQL Injection 741
  Calls to Dangerous Functions 742
  Tools for Code Browsing 743
  Summary 744
  Questions 744
Chapter 20 A Web Application Hacker’s Toolkit 747
  Web Browsers 748
  Internet Explorer 748
  Firefox 749
  Chrome 750
  Integrated Testing Suites 751
  How the Tools Work 751
  Testing Work Flow 769
  Alternatives to the Intercepting Proxy 771
  Standalone Vulnerability Scanners 773
  Vulnerabilities Detected by Scanners 774
  Inherent Limitations of Scanners 776