Book Image

The Web Application Hacker's Handbook

By : Dafydd Stuttard, Marcus Pinto
Book Image

The Web Application Hacker's Handbook

By: Dafydd Stuttard, Marcus Pinto

Overview of this book

Web applications are the front door to most organizations, exposing them to attacks that may disclose personal information, execute fraudulent transactions, or compromise ordinary users. This practical book has been completely updated and revised to discuss the latest step-by-step techniques for attacking and defending the range of ever-evolving web applications. Youíll explore the various new technologies employed in web applications that have appeared since the first edition and review the new attack techniques that have been developed, particularly in relation to the client side. The book starts with the current state of web application security and the trends that indicate how it is likely to evolve soon. Youíll examine the core security problem affecting web applications and the defence mechanisms that applications implement to address this problem, and youíll also explore the key technologies used in todayís web application. Next, youíll carry out tasks for breaking into web applications and for executing a comprehensive attack. As you progress, youíll learn to find vulnerabilities in an application's source code and review the tools that can help when you hack web applications. Youíll also study a detailed methodology for performing a comprehensive and deep attack against a specific target. By the end of this book, youíll be able to discover security flaws in web applications and how to deal with them.

Related Content you might be interested in

Current Title:

Small book image
The Web Application Hacker's Handbook
Dafydd Stuttard | Marcus Pinto
Oct, 2011 | 912 pages
No titles found
Table of Contents (32 chapters)
Free Chapter
1
Cover
Cover
2
Title
Title
3
Copyright
Copyright
4
About the Authors
About the Authors
5
About the Technical Editor
About the Technical Editor
6
MDSec: The Authors’ Company
MDSec: The Authors’ Company
7
Credits
Credits
8
Acknowledgments
Acknowledgments
9
Introduction
Introduction
Overview of This Book
Who Should Read This Book
How This Book Is Organized
What's New in This Edition
Tools You Will Need
What's on the Website
Bring It On
10
Chapter 1: Web Application (In)security
Chapter 1: Web Application (In)security
The Evolution of Web Applications
Web Application Security
Summary
11
Chapter 2: Core Defense Mechanisms
Chapter 2: Core Defense Mechanisms
Handling User Access
Handling User Input
Handling Attackers
Managing the Application
Summary
Questions
12
Chapter 3: Web Application Technologies
Chapter 3: Web Application Technologies
The HTTP Protocol
Web Functionality
Encoding Schemes
Next Steps
Questions
13
Chapter 4: Mapping the Application
Chapter 4: Mapping the Application
Enumerating Content and Functionality
Analyzing the Application
Summary
Questions
14
Chapter 5: Bypassing Client-Side Controls
Chapter 5: Bypassing Client-Side Controls
Transmitting Data Via the Client
Capturing User Data: HTML Forms
Capturing User Data: Browser Extensions
Handling Client-Side Data Securely
Summary
Questions
15
Chapter 6: Attacking Authentication
Chapter 6: Attacking Authentication
Authentication Technologies
Design Flaws in Authentication Mechanisms
Implementation Flaws in Authentication
Securing Authentication
Summary
Questions
16
Chapter 7: Attacking Session Management
Chapter 7: Attacking Session Management
The Need for State
Weaknesses in Token Generation
Weaknesses in Session Token Handling
Securing Session Management
Summary
Questions
17
Chapter 8: Attacking Access Controls
Chapter 8: Attacking Access Controls
Common Vulnerabilities
Attacking Access Controls
Securing Access Controls
Summary
Questions
18
Chapter 9: Attacking Data Stores
Chapter 9: Attacking Data Stores
Injecting into Interpreted Contexts
Injecting into SQL
Injecting into NoSQL
Injecting into XPath
Injecting into LDAP
Summary
Questions
19
Chapter 10: Attacking Back-End Components
Chapter 10: Attacking Back-End Components
Injecting OS Commands
Manipulating File Paths
Injecting into XML Interpreters
Injecting into Back-end HTTP Requests
Injecting into Mail Services
Summary
Questions
20
Chapter 11: Attacking Application Logic
Chapter 11: Attacking Application Logic
The Nature of Logic Flaws
Real-World Logic Flaws
Avoiding Logic Flaws
Summary
Questions
21
Chapter 12: Attacking Users: Cross-Site Scripting
Chapter 12: Attacking Users: Cross-Site Scripting
Varieties of XSS
XSS Attacks in Action
Finding and Exploiting XSS Vulnerabilities
Preventing XSS Attacks
Summary
Questions
22
Chapter 13: Attacking Users: Other Techniques
Chapter 13: Attacking Users: Other Techniques
Inducing User Actions
Capturing Data Cross-Domain
The Same-Origin Policy Revisited
Other Client-Side Injection Attacks
Local Privacy Attacks
Attacking ActiveX Controls
Attacking the Browser
Summary
Questions
23
Chapter 14: Automating Customized Attacks
Chapter 14: Automating Customized Attacks
Uses for Customized Automation
Enumerating Valid Identifiers
Harvesting Useful Data
Fuzzing for Common Vulnerabilities
Putting It All Together: Burp Intruder
Barriers to Automation
Summary
Questions
24
Chapter 15: Exploiting Information Disclosure
Chapter 15: Exploiting Information Disclosure
Exploiting Error Messages
Gathering Published Information
Using Inference
Preventing Information Leakage
Summary
Questions
25
Chapter 16: Attacking Native Compiled Applications
Chapter 16: Attacking Native Compiled Applications
Buffer Overflow Vulnerabilities
Integer Vulnerabilities
Format String Vulnerabilities
Summary
Questions
26
Chapter 17: Attacking Application Architecture
Chapter 17: Attacking Application Architecture
Tiered Architectures
Shared Hosting and Application Service Providers
Summary
Questions
27
Chapter 18: Attacking the Application Server
Chapter 18: Attacking the Application Server
Vulnerable Server Configuration
Vulnerable Server Software
Web Application Firewalls
Summary
Questions
28
Chapter 19: Finding Vulnerabilities in Source Code
Chapter 19: Finding Vulnerabilities in Source Code
Approaches to Code Review
Signatures of Common Vulnerabilities
The Java Platform
ASP.NET
PHP
Perl
JavaScript
Database Code Components
Tools for Code Browsing
Summary
Questions
29
Chapter 20: A Web Application Hacker's Toolkit
Chapter 20: A Web Application Hacker's Toolkit
Web Browsers
Integrated Testing Suites
Standalone Vulnerability Scanners
Other Tools
Summary
30
Chapter 21: A Web Application Hacker's Methodology
Chapter 21: A Web Application Hacker's Methodology
General Guidelines
1 Map the Application's Content
2 Analyze the Application
3 Test Client-Side Controls
4 Test the Authentication Mechanism
5 Test the Session Management Mechanism
6 Test Access Controls
7 Test for Input-Based Vulnerabilities
8 Test for Function-Specific Input Vulnerabilities
9 Test for Logic Flaws
10 Test for Shared Hosting Vulnerabilities
11 Test for Application Server Vulnerabilities
12 Miscellaneous Checks
13 Follow Up Any Information Leakage
31
Index
Index
32
End User License Agreement
End User License Agreement

The Java Platform

This section describes ways to acquire user-supplied input, ways to interact with the user's session, potentially dangerous APIs, and security-relevant configuration options on the Java platform.

Identifying User-Supplied Data

Java applications acquire user-submitted input via the javax.servlet.http.HttpServletRequest interface, which extends the javax.servlet.ServletRequest interface. These two interfaces contain numerous APIs that web applications can use to access user-supplied data. The APIs listed in Table 19.1 can be used to obtain data from the user request.

Table 19.1 APIs Used to Acquire User-Supplied Data on the Java Platform

API Description
getParameter
 getParameterNames
 getParameterValues
 getParameterMap		 Parameters within the URL query string and the body of a POST request are stored as a map of String names to String values, which can be accessed using these APIs.
getQueryString Returns the entire query string contained...
Previous Section
End of Section 4
Next Section