How to break Web software: functional and security testing of Web applications and Web services [8. print ed.] 0321369440, 9780321369444

Since its early days as an information exchange tool limited to academe, researchers, and the military, the web has grow

438 131 7MB

English Pages XV, 219 Seiten: Illustrationen + 1 CD-ROM (12 cm) [240] Year 2006;2010

Report DMCA / Copyright

DOWNLOAD FILE

How to break Web software: functional and security testing of Web applications and Web services [8. print ed.]
0321369440, 9780321369444

Author / Uploaded
Andrews
Mike;Whittaker
James A

Table of contents :
Cover......Page 1
Table of Contents......Page 14
Preface......Page 8
Acknowledgments......Page 10
About the Authors......Page 12
Introduction......Page 18
The World Wide Web......Page 19
The Price of Web Utopia......Page 22
The Web Versus Client-Server......Page 23
The Web Client......Page 26
The Network......Page 27
Introduction......Page 28
Attack 1 Panning for Gold......Page 29
Attack 2 Guessing Files and Directories......Page 37
Attack 3 Holes Left by Other People—Vulnerabilities in Sample Applications......Page 43
Introduction......Page 46
Attack 4 Bypass Restrictions on Input Choices......Page 47
Attack 5 Bypass Client-Side Validation......Page 52
Introduction......Page 58
Attack 6 Hidden Fields......Page 59
Attack 7 CGI Parameters......Page 63
Attack 8 Cookie Poisoning......Page 68
Attack 9 URL Jumping......Page 72
Attack 10 Session Hijacking......Page 76
Introduction......Page 82
Attack 11 Cross-Site Scripting......Page 83
Attack 12 SQL Injection......Page 91
Attack 13 Directory Traversal......Page 96
Introduction......Page 102
Attack 14 Buffer Overflows......Page 103
Attack 15 Canonicalization......Page 107
Attack 16 NULL-String Attacks......Page 112
Introduction......Page 116
Attack 17 SQL Injection II—Stored Procedures......Page 117
Attack 18 Command Injection......Page 120
Attack 19 Fingerprinting the Server......Page 123
Attack 20 Denial of Service......Page 129
Introduction......Page 132
Attack 21 Fake Cryptography......Page 133
Attack 22 Breaking Authentication......Page 137
Attack 23 Cross-Site Tracing......Page 142
Attack 24 Forcing Weak Cryptography......Page 146
Introduction......Page 152
User Agents......Page 153
Referrer......Page 156
Cookies......Page 157
Clipboard Access......Page 159
Caching Pages......Page 161
Browser Helper Objects......Page 163
What Are Web Services?......Page 166
XML......Page 167
SOAP......Page 168
WSDL......Page 169
WSDL Scanning Attack......Page 170
XPATH Injection Attack......Page 172
Recursive Payload Attack......Page 173
External Entity Attack......Page 174
Appendix A: Fifty Years of Software: Key Principles for Quality......Page 176
1950 to 1959: Genesis......Page 177
1960 to 1969: Exodus......Page 178
1970 to 1979: Chaos......Page 179
CASE Tools......Page 180
Formal Methods......Page 181
1990 to 1999: Process......Page 182
2000 to 2009: Engineering?......Page 184
Appendix B: Flowershop Bugs......Page 188
TextPad......Page 196
Nikto......Page 197
Wikto......Page 200
Stunnel......Page 206
BlackWidow......Page 207
Wget......Page 210
cURL......Page 212
Paros......Page 215
SPIKE Proxy......Page 217
SSLDigger......Page 221
The Human Brain......Page 222
A......Page 224
B......Page 225
C......Page 226
D......Page 227
F......Page 228
I-J......Page 229
N......Page 230
P......Page 231
S......Page 232
U......Page 234
W......Page 235
X......Page 236

Polecaj historie

How to break Web software: functional and security testing of Web applications and Web services [8. print ed.] 0321369440, 9780321369444

1,682 315 8MB Read more

Practical Web Penetration Testing: Secure Web Applications Using Burp Suite, Nmap, Metasploit, and More 1788624033, 9781788624039

Learn how to execute web application penetration testing end-to-end Key Features Build an end-to-end threat model landsc

118 61 16MB Read more

Testing and Securing Web Applications [1 ed.] 0367333759, 9780367333751

Web applications occupy a large space within the IT infrastructure of a business or a corporation. They simply just don’

869 243 8MB Read more

Web Application Security: Exploitation and Countermeasures for Modern Web Applications [1 ed.] 9781492053118, 9781492087960

While many resources for network and IT security are available, detailed knowledge regarding modern web application secu

13,216 2,773 5MB Read more

Web Penetration Testing with Kali Linux: a Practical Guide to Implementing Penetration Testing Strategies on Websites, Web Applications, and Standard Web Protocols with Kali Linux 9781788623803, 1788623800

Penetration Testing and Setup -- Reconnaissance -- Server-side Attacks -- Client-side Attacks -- Attacking Authenticatio

119 40 45MB Read more

RESTful Web Services 9780596158354

1,330 113 2MB Read more

XML and Web Services Unleashed 0672323419, 9780672323416

The Extensible Markup Language is changing the way that information is being stored and exchanged. It is also changing t

1,235 129 8MB Read more

.NET Web Services: Architecture and Implementation

Praise for .NET Web Services Keith Ballinger has been Mr. Web Services at Microsoft for as long as there were Web servi

1,266 182 1MB Read more

Testing Web APIs 9781617299537, 1617299537

Ensure your web APIs are consistent and bug-free by implementing an automated testing process. In Testing Web APIs you

931 194 4MB Read more

End-to-End Web Testing with Cypress: Explore techniques for automated frontend web testing with Cypress and JavaScript 1839215631, 9781839215636

Get to grips with the Cypress framework and learn how to best implement end-to-end automation testing with JavaScript wi

3,845 874 5MB Read more