Seven Deadliest Web Application Attacks by Mike Shema

Identifying Insecure Design Patterns

As we'll demonstrate throughout this chapter, the methodology of attacking predictable resources is basic. Select a portion of the Uniform Resource Identifier (URI), change its value, and observe the results. This is as simple as guessing whether directories exist (for example, /admin/ or /install/), looking for common file suffixes (for example, index.cgi.bak or login.aspx.old), cycling through numeric URI parameters (for example, userid=1, userid=2, userid=3, …), or replacing expected values (for example, page=index.html becomes page=login.cgi). Because the concept of predictability attacks is so simple and the methodology is uncomplicated, the attacks lend themselves very well to automation. Launch a ...
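The methodology described above leaves a recognisable trace in web server logs: one client generating many 404s across guessed directories and backup-file names, or one client walking a numeric parameter through consecutive values. The following is an added example (not code from the book or its author) that parses constructed Apache-style access-log lines and flags both patterns; the hosts, paths and thresholds (`min_404s`, `min_run`) are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample log lines in Apache "combined" format. Addresses are
# documentation ranges and the paths echo the book's examples.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /admin/ HTTP/1.1" 404 512 "-" "curl/7.88"
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /install/ HTTP/1.1" 404 512 "-" "curl/7.88"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /index.cgi.bak HTTP/1.1" 404 512 "-" "curl/7.88"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /login.aspx.old HTTP/1.1" 404 512 "-" "curl/7.88"
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "GET /backup/ HTTP/1.1" 404 512 "-" "curl/7.88"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /profile?userid=1 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /profile?userid=2 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:03 +0000] "GET /profile?userid=3 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:04 +0000] "GET /profile?userid=4 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2023:13:57:10 +0000] "GET /profile?userid=42 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2023:13:57:12 +0000] "GET /missing.png HTTP/1.1" 404 512 "-" "Mozilla/5.0"
"""

# Captures client IP, request target and status code from a combined-format line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_log(text):
    """Return a list of (ip, target, status) tuples; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((m["ip"], m["target"], int(m["status"])))
    return events


def find_probing_clients(events, min_404s=4):
    """Clients that received 404s for many distinct paths: directory and
    backup-suffix guessing. Threshold min_404s is an assumed tuning value."""
    misses = defaultdict(set)
    for ip, target, status in events:
        if status == 404:
            misses[ip].add(urlsplit(target).path)
    return {ip: sorted(paths) for ip, paths in misses.items() if len(paths) >= min_404s}


def longest_consecutive_run(values):
    """Length of the longest run of values where each is the previous plus one."""
    best = cur = 1 if values else 0
    for prev, nxt in zip(values, values[1:]):
        cur = cur + 1 if nxt == prev + 1 else 1
        best = max(best, cur)
    return best


def find_parameter_cycling(events, min_run=3):
    """Clients stepping a numeric query parameter through consecutive values
    on the same path (userid=1, 2, 3, ...). Threshold min_run is assumed."""
    seen = defaultdict(lambda: defaultdict(list))  # ip -> (path, param) -> [ints]
    for ip, target, status in events:
        u = urlsplit(target)
        for name, values in parse_qs(u.query).items():
            for v in values:
                if v.isdigit():
                    seen[ip][(u.path, name)].append(int(v))
    findings = {}
    for ip, params in seen.items():
        for (path, name), vals in params.items():
            run = longest_consecutive_run(vals)
            if run >= min_run:
                findings[(ip, path, name)] = run
    return findings


if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    for ip, paths in find_probing_clients(ev).items():
        print(f"probing: {ip} missed {len(paths)} distinct paths: {paths}")
    for (ip, path, name), run in find_parameter_cycling(ev).items():
        print(f"cycling: {ip} walked {name} on {path} through {run} consecutive values")
```

Both detectors are deliberately per-client and per-path so that a single broken image link (`192.0.2.9` above) does not trigger them. Detection only narrows the window; the design fix the chapter title points at is to check authorization on every object reference rather than rely on identifiers being hard to guess.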
