
Mastering Modern Web Penetration Testing by Prakhar Prasad


Chapter 9. Emerging Attack Vectors

In this chapter, we will look at some recently discovered attack vectors, along with less common ones that have resurfaced with a potentially high impact on the security of web applications.

We'll cover the following topics in this chapter:

  • Server Side Request Forgery
  • Insecure Direct Object Reference
  • DOM clobbering
  • Relative Path Overwrite
  • UI redressing
  • PHP Object Injection

Server Side Request Forgery

Server Side Request Forgery, or SSRF, is a recently publicized chain of vulnerabilities that primarily results in a web application server acting as a proxy, which can then be used to make (spoof) connections to external servers or resources through the vulnerable web application. This might ...
