Gray Hat Hacking The Ethical Hacker's Handbook, Fifth Edition, 5th Edition

CHAPTER 16 Next-Generation Web Application Exploitation

The basics of web exploitation have been covered in previous editions and exhaustively on the Web. However, some of the more advanced techniques are a bit harder to wrap your head around, so in this chapter we’re going to be looking at some of the attack techniques that made headlines from 2014 to 2017. We’ll be digging into these techniques to get a better understanding of the next generation of web attacks.

In particular, this chapter covers the following topics:

• The evolution of cross-site scripting (XSS)

• Framework vulnerabilities

• Padding oracle attacks

The Evolution of Cross-Site Scripting (XSS)

Cross-site scripting (XSS) is one of the most misunderstood web vulnerabilities ...

Get Gray Hat Hacking The Ethical Hacker's Handbook, Fifth Edition, 5th Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Gray Hat Hacking The Ethical Hacker's Handbook, Fifth Edition, 5th Edition by Daniel Regalado, Shon Harris, Allen Harper, Chris Eagle, Jonathan Ness, Branko Spasojevic, Ryan Linn, Stephen Sims

CHAPTER 16

Next-Generation Web Application Exploitation

The Evolution of Cross-Site Scripting (XSS)

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly