Chapter 18. Auditing Web-Based Applications
Solutions in this chapter:
▪ Cross-Site Scripting
▪ DNS Rebinding Attacks
▪ p0wf (Passive Fingerprinting of Web Content Frameworks)
▪ Splogging

Introduction

In this chapter we will introduce the concepts necessary to audit Web applications. Some of the main areas that are commonly overlooked include:
▪ Input validation and sanitization
▪ Error checking and handling
▪ Rigorous session management
In validating that a Web-based application is secure, the auditor needs to investigate more than the basic system controls. The aim should be to confirm that the implementation enforces complete mediation across the whole application, so that every request is checked before it reaches application logic. The principle of complete mediation tells us that there ...
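The three commonly overlooked areas listed above, and the complete-mediation requirement, are easier to audit against when one can picture what a correctly mediated request path looks like in code. The following is an added example and is not code from the book: a framework-free Python dispatcher that acts as a single choke point through which every request must pass. The route table, the whitelist patterns for parameters, the 900-second idle timeout, the role names, the in-memory session store and the caller-supplied clock are all assumptions made for illustration.

```python
import re
import secrets
from dataclasses import dataclass

SESSION_TTL = 900     # assumed idle timeout in seconds (illustrative value)
_SESSIONS = {}        # token -> Session; in-memory server-side store for the example
AUDIT_LOG = []        # detailed failure information goes here, never into a response


@dataclass
class Session:
    user: str
    role: str
    expires: float


@dataclass
class Request:
    method: str
    path: str
    params: dict      # query/form parameters exactly as the client sent them
    cookies: dict


def create_session(user, role, now):
    """Issue an unguessable token and record the session server-side."""
    token = secrets.token_urlsafe(32)
    _SESSIONS[token] = Session(user, role, now + SESSION_TTL)
    return token


def resolve_session(req, now):
    """Re-validate the session on every request; nothing is cached between requests."""
    token = req.cookies.get("sid", "")
    sess = _SESSIONS.get(token)
    if sess is None:
        return None
    if sess.expires < now:
        _SESSIONS.pop(token, None)       # an idle session is destroyed, not silently renewed
        return None
    sess.expires = now + SESSION_TTL     # sliding expiry on activity
    return sess


# Whitelist patterns (assumed for the example): accept only what the handler expects.
PARAM_RULES = {
    "id": re.compile(r"[0-9]{1,9}"),
    "name": re.compile(r"[A-Za-z][A-Za-z0-9_]{0,31}"),
}


def validate(params, required):
    """Return (ok, cleaned); a missing, non-string or malformed parameter fails closed."""
    cleaned = {}
    for key in required:
        value = params.get(key)
        if not isinstance(value, str) or not PARAM_RULES[key].fullmatch(value):
            return False, {}
        cleaned[key] = value
    return True, cleaned


def account_handler(sess, params):
    return 200, f"account {params['id']} for {sess.user}"


def delete_user_handler(sess, params):
    raise RuntimeError("db connection refused")   # simulates an internal failure


# (method, path) -> (required role, required parameters, handler); hypothetical routes
ROUTES = {
    ("GET", "/account"): ("user", ["id"], account_handler),
    ("DELETE", "/user"): ("admin", ["name"], delete_user_handler),
}
ROLE_RANK = {"user": 1, "admin": 2}


def dispatch(req, now):
    """Single choke point: authentication, authorization and validation on every request.

    `now` is the caller-supplied clock (time.time() in practice) so the example is deterministic.
    """
    sess = resolve_session(req, now)          # checked first, before anything else is revealed
    if sess is None:
        return 401, "authentication required"
    route = ROUTES.get((req.method, req.path))
    if route is None:
        return 404, "not found"
    needed_role, required_params, handler = route
    # The role comes from server-side session state; a client-supplied "role" parameter is ignored.
    if ROLE_RANK.get(sess.role, 0) < ROLE_RANK[needed_role]:
        return 403, "forbidden"
    ok, cleaned = validate(req.params, required_params)
    if not ok:
        return 400, "bad request"
    try:
        return handler(sess, cleaned)
    except Exception as exc:                  # generic response; the detail goes to the audit log only
        AUDIT_LOG.append(f"{req.method} {req.path} user={sess.user}: {type(exc).__name__}: {exc}")
        return 500, "internal error"
```

When auditing a real application, the questions this sketch answers are the ones to ask of the code under review: is there one place every request must pass through, is the session re-validated on each request rather than only at login, does authorization derive from server-side session state rather than from anything the client sent, are parameters checked against a whitelist rather than a blacklist, and do failures return a generic message while the detail goes only to a log.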

Source: The IT Regulatory and Standards Compliance Handbook.