UI redressing or the clickjacking attack makes use of overlapping elements, transparent frames, and some social engineering to fool users of a web application to click or perform certain actions on different pages of the web application without them realizing. The attack is very easy to conduct; the attacker creates an iframe
of one of the pages from the vulnerable web application. Just above the iframe
there are some HTML elements (a button, a hyperlink, and so on) which is often disguised as a simple game or anything catchy which the user might click on. The placement of these elements are done in such a way that as soon as the user clicks on it, the click, instead of registering at the HTML element, goes to the iframed web page of the vulnerable web application. Now you may wonder how this is possible, so let me explain; the iframe is made transparent so only the convincing game is visible to the user and the iframe is placed over HTML elements through CSS, but since the...
Mastering Modern Web Penetration Testing
By :
Mastering Modern Web Penetration Testing
By:
Overview of this book
Web penetration testing is a growing, fast-moving, and absolutely critical field in information security. This book executes modern web application attacks and utilises cutting-edge hacking techniques with an enhanced knowledge of web application security.
We will cover web hacking techniques so you can explore the attack vectors during penetration tests. The book encompasses the latest technologies such as OAuth 2.0, Web API testing methodologies and XML vectors used by hackers. Some lesser discussed attack vectors such as RPO (relative path overwrite), DOM clobbering, PHP Object Injection and etc. has been covered in this book.
We'll explain various old school techniques in depth such as XSS, CSRF, SQL Injection through the ever-dependable SQLMap and reconnaissance.
Websites nowadays provide APIs to allow integration with third party applications, thereby exposing a lot of attack surface, we cover testing of these APIs using real-life examples.
This pragmatic guide will be a great benefit and will help you prepare fully secure applications.
Table of Contents (18 chapters)
Mastering Modern Web Penetration Testing
Credits
About the Author
About the Reviewer
www.PacktPub.com
Preface
Free Chapter
Common Security Protocols
Information Gathering
Cross-Site Scripting
Cross-Site Request Forgery
Exploiting SQL Injection
File Upload Vulnerabilities
Metasploit and Web
Emerging Attack Vectors
OAuth 2.0 Security
API Testing Methodology
Index
Customer Reviews