Chapter 2

Vulnerability Identification and Remediation

You can be sure of succeeding in your attacks if you only attack places which are undefended. You can ensure the safety of your defense if you only hold positions that cannot be attacked.

Sun Tzu in The Art of War

Do you know if any vulnerabilities exist within your web applications? Odds are they do. What’s even more worrisome should be the fact that attackers are relentlessly looking to find and exploit them. You may think that your web application has no perceived value to attackers and thus you are not a potential target, but you would be wrong. Every web application has value for some criminal element. Identity theft and fraud syndicates value your customers’ credit card data, and it is often improperly stored in e-commerce sites. Malware groups target your large customer base for infection and want to use your site as a distribution platform. Hacktivists may want to knock your site offline with a denial-of-service attack. These diverse groups have equally diverse end goals, but they all share the common methodology of relentlessly enumerating and exploiting weaknesses in target web infrastructures.

With this realization as a backdrop, the most prudent course of action becomes finding and fixing all your vulnerabilities before the bad guys do. The builder, breaker, and defender communities all use different methods and tools to identify web application vulnerabilities, each with varying degrees of accuracy and coverage. ...
