The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 2nd Edition

Book Description

The highly successful security book returns with a new edition, completely updated

Web applications are the front door to most organizations, exposing them to attacks that may disclose personal information, execute fraudulent transactions, or compromise ordinary users. This practical book has been completely updated and revised to discuss the latest step-by-step techniques for attacking and defending the range of ever-evolving web applications. You'll explore the various new technologies employed in web applications that have appeared since the first edition and review the new attack techniques that have been developed, particularly in relation to the client side.

  • Reveals how to overcome the new technologies and techniques aimed at defending web applications against attacks that have appeared since the previous edition

  • Discusses new remoting frameworks, HTML5, cross-domain integration techniques, UI redress, framebusting, HTTP parameter pollution, hybrid file attacks, and more

  • Features a companion web site hosted by the authors that allows readers to try out the attacks described, gives answers to the questions that are posed at the end of each chapter, and provides a summarized methodology and checklist of tasks

Focusing on the areas of web application security where things have changed in recent years, this book is the most current resource on the critical topic of discovering, exploiting, and preventing web application security flaws.

"The ebook version does not provide access to the companion files."

Table of Contents

  1. Cover Page
  2. Title Page
  3. Copyright
  4. About the Authors
  5. About the Technical Editor
  6. MDSec: The Authors' Company
  7. Credits
  8. Acknowledgments
  9. Contents at a Glance
  10. Contents
  11. Introduction
    1. Overview of This Book
    2. Who Should Read This Book
    3. How This Book Is Organized
    4. What's New in This Edition
    5. Tools You Will Need
    6. What's on the Website
    7. Bring It On
  12. CHAPTER 1: Web Application (In)security
    1. The Evolution of Web Applications
    2. Web Application Security
    3. Summary
  13. CHAPTER 2: Core Defense Mechanisms
    1. Handling User Access
    2. Handling User Input
    3. Handling Attackers
    4. Managing the Application
    5. Summary
  14. CHAPTER 3: Web Application Technologies
    1. The HTTP Protocol
    2. Web Functionality
    3. Encoding Schemes
    4. Next Steps
    5. Questions
  15. CHAPTER 4: Mapping the Application
    1. Enumerating Content and Functionality
    2. Analyzing the Application
    3. Summary
    4. Questions
  16. CHAPTER 5: Bypassing Client-Side Controls
    1. Transmitting Data Via the Client
    2. Capturing User Data: HTML Forms
    3. Capturing User Data: Browser Extensions
    4. Handling Client-Side Data Securely
    5. Summary
    6. Questions
  17. CHAPTER 6: Attacking Authentication
    1. Authentication Technologies
    2. Design Flaws in Authentication Mechanisms
    3. Implementation Flaws in Authentication
    4. Securing Authentication
    5. Summary
    6. Questions
  18. CHAPTER 7: Attacking Session Management
    1. The Need for State
    2. Weaknesses in Token Generation
    3. Weaknesses in Session Token Handling
    4. Securing Session Management
    5. Summary
    6. Questions
  19. CHAPTER 8: Attacking Access Controls
    1. Common Vulnerabilities
    2. Attacking Access Controls
    3. Securing Access Controls
    4. Summary
    5. Questions
  20. CHAPTER 9: Attacking Data Stores
    1. Injecting into Interpreted Contexts
    2. Injecting into SQL
    3. Injecting into NoSQL
    4. Injecting into XPath
    5. Injecting into LDAP
    6. Summary
    7. Questions
  21. CHAPTER 10: Attacking Back-End Components
    1. Injecting OS Commands
    2. Injecting Through Dynamic Execution
    3. Finding OS Command Injection Flaws
    4. Manipulating File Paths
    5. Injecting into XML Interpreters
    6. Injecting into Back-end HTTP Requests
    7. Injecting into Mail Services
    8. Summary
    9. Questions
  22. CHAPTER 11: Attacking Application Logic
    1. The Nature of Logic Flaws
    2. Real-World Logic Flaws
    3. Questions
  23. CHAPTER 12: Attacking Users: Cross-Site Scripting
    1. Varieties of XSS
    2. Reflected XSS Vulnerabilities
    3. Stored XSS Vulnerabilities
    4. DOM-Based XSS Vulnerabilities
    5. XSS Attacks in Action
    6. Real-World XSS Attacks
    7. Payloads for XSS Attacks
    8. Delivery Mechanisms for XSS Attacks
    9. Finding and Exploiting XSS Vulnerabilities
    10. Finding and Exploiting Reflected XSS Vulnerabilities
    11. Finding and Exploiting Stored XSS Vulnerabilities
    12. Finding and Exploiting DOM-Based XSS Vulnerabilities
    13. Preventing XSS Attacks
    14. Preventing Reflected and Stored XSS
    15. Preventing DOM-Based XSS
    16. Summary
    17. Questions
  24. CHAPTER 13: Attacking Users: Other Techniques
    1. Inducing User Actions
    2. Capturing Data Cross-Domain
    3. The Same-Origin Policy Revisited
    4. Other Client-Side Injection Attacks
    5. Local Privacy Attacks
    6. Attacking ActiveX Controls
    7. Attacking the Browser
    8. Summary
    9. Questions
  25. CHAPTER 14: Automating Customized Attacks
    1. Uses for Customized Automation
    2. Enumerating Valid Identifiers
    3. Harvesting Useful Data
    4. Fuzzing for Common Vulnerabilities
    5. Putting It All Together: Burp Intruder
    6. Barriers to Automation
    7. Summary
    8. Questions
  26. CHAPTER 15: Exploiting Information Disclosure
    1. Exploiting Error Messages
    2. Gathering Published Information
    3. Using Inference
    4. Preventing Information Leakage
    5. Summary
    6. Questions
  27. CHAPTER 16: Attacking Native Compiled Applications
    1. Buffer Overflow Vulnerabilities
    2. Integer Vulnerabilities
    3. Format String Vulnerabilities
    4. Summary
    5. Questions
  28. CHAPTER 17: Attacking Application Architecture
    1. Tiered Architectures
    2. Shared Hosting and Application Service Providers
    3. Summary
    4. Questions
  29. CHAPTER 18: Attacking the Application Server
    1. Vulnerable Server Configuration
    2. Vulnerable Server Software
    3. Web Application Firewalls
    4. Summary
    5. Questions
  30. CHAPTER 19: Finding Vulnerabilities in Source Code
    1. Approaches to Code Review
    2. Signatures of Common Vulnerabilities
    3. The Java Platform
    4. ASP.NET
    5. PHP
    6. Perl
    7. Database Code Components
    8. Tools for Code Browsing
    9. Summary
    10. Questions
  31. CHAPTER 20: A Web Application Hacker's Toolkit
    1. Web Browsers
    2. Integrated Testing Suites
    3. Standalone Vulnerability Scanners
    4. Other Tools
    5. Summary
  32. CHAPTER 21: A Web Application Hacker's Methodology
    1. General Guidelines
    2. 1 Map the Application's Content
    3. 2 Analyze the Application
    4. 3 Test Client-Side Controls
    5. 4 Test the Authentication Mechanism
    6. 5 Test the Session Management Mechanism
    7. 6 Test Access Controls
    8. 7 Test for Input-Based Vulnerabilities
    9. 8 Test for Function-Specific Input Vulnerabilities
    10. 9 Test for Logic Flaws
    11. 10 Test for Shared Hosting Vulnerabilities
    12. 11 Test for Application Server Vulnerabilities
    13. 12 Miscellaneous Checks
    14. 13 Follow Up Any Information Leakage
  33. Index