The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws by Marcus Pinto, Dafydd Stuttard

Chapter 16. Attacking Application Architecture

Web application architecture is an important area of security that is frequently overlooked when appraising the security of individual applications. In commonly used tiered architectures, a failure to segregate different tiers often means that a single defect in one tier can be exploited to fully compromise other tiers and thereby the entire application.

A different range of security threats arises in environments where multiple applications are hosted on the same infrastructure, or even share common components of a wider overarching application. In these situations, defects or malicious code within one application can sometimes be exploited to compromise the entire environment and other applications belonging to different customers.

In this chapter, we will examine a range of different architectural configurations, and describe how you can exploit defects within application architectures to advance your attack.

Tiered Architectures

Many web applications use a multi-tiered architecture, in which the application's user interface, business logic, and data storage are divided between multiple layers, which may use different technologies and be implemented on different physical computers. A common three-tier architecture involves the following layers:

  • Presentation layer, which implements the application's interface.

  • Application layer, which implements the core application logic.

  • Data layer, which provides storage and processing of application ...
