Web Application Vulnerabilities

Book Description

In this book, we aim to describe how to make a computer bend to your will by finding and exploiting vulnerabilities specifically in Web applications. We describe common security issues in Web applications, show how to find them, explain how to exploit them, and then explain how to fix them. We also cover how and why some hackers (the bad guys) try to exploit these vulnerabilities to achieve their own ends, and how to detect whether hackers are actively trying to exploit vulnerabilities in your own Web applications.

· Learn to defend Web-based applications developed with AJAX, SOAP, XML-RPC, and more.
· See why Cross Site Scripting attacks can be so devastating.
· Download working code from the companion Web site.

Table of Contents

  1. Copyright
  2. Contributing Authors
  3. Chapter 1. Introduction to Web Application Hacking
    1. Introduction
    2. Web Application Architecture Components
      1. The Web Server
      2. The Application Content
      3. The Data Store
    3. Complex Web Application Software Components
      1. Login
      2. Session Tracking Mechanism
      3. User Permissions Enforcement
      4. Role Level Enforcement
      5. Data Access
      6. Application Logic
      7. Logout
    4. Putting it all Together
    5. The Web Application Hacking Methodology
      1. Define the Scope of the Engagement
        1. Before Beginning the Actual Assessment
      2. Open Source Intelligence Scanning
      3. Default Material Scanning
      4. Base Line the Application
      5. Fuzzing
      6. Exploiting/Validating Vulnerabilities
      7. Reporting
    6. The History of Web Application Hacking and the Evolution of Tools
      1. Example 1: Manipulating the URL Directly (GET Method Form Submittal)
      2. Example 2: The POST Method
      3. Example 3: Man in the Middle Sockets
      4. The Graphical User Interface Man in the Middle Proxy
      5. Common (or Known) Vulnerability Scanners
      6. Spiders and other Crawlers
      7. Automated Fuzzers
      8. All in One and Multi Function Tools
      9. OWASP’s WebScarab Demonstration
        1. Starting WebScarab
        2. Next: Create a new session
        3. Next: Ensure the Proxy Service is Listening
        4. Next, Configure Your Web Browser
        5. Next, Configure WebScarab to Intercept Requests
        6. Next, Bring up the Summary Tab
      10. Web Application Hacking Tool List
      11. Security E-Mail Lists
    7. Summary
  4. Chapter 2. Information Gathering Techniques
    1. Introduction
    2. The Principles of Automating Searches
      1. The Original Search Term
      2. Expanding Search Terms
        1. E-mail Addresses
        2. Telephone Numbers
        3. People
        4. Getting Lots of Results
        5. More Combinations
        6. Using “Special” Operators
      3. Getting the Data From the Source
        1. Scraping it Yourself – Requesting and Receiving Responses
        2. Scraping it Yourself – The Butcher Shop
        3. Dapper
        4. Aura/EvilAPI
        5. Using Other Search Engines
      4. Parsing the Data
        1. Parsing E-mail Addresses
        2. Domains and Sub-domains
        3. Telephone Numbers
      5. Post Processing
        1. Sorting Results by Relevance
        2. Beyond Snippets
        3. Presenting Results
    3. Applications of Data Mining
      1. Mildly Amusing
      2. Most Interesting
        1. Taking It One Step Further
    4. Collecting Search Terms
      1. On the Web
      2. Spying on Your Own
        1. Search Terms
        2. Gmail
      3. Honey Words
      4. Referrals
    5. Summary
  5. Chapter 3. Introduction to Server Side Input Validation Issues
    1. Introduction
    2. Cross Site Scripting (XSS)
      1. Presenting False Information
        1. How this Example Works
      2. Presenting a False Form
      3. Exploiting Browser Based Vulnerabilities
      4. Exploit Client/Server Trust Relationships
  6. Chapter 4. Client-Side Exploit Frameworks
    1. Introduction
    2. AttackAPI
      1. Enumerating the Client
      2. Attacking Networks
      3. Hijacking the Browser
      4. Controlling Zombies
    3. BeEF
      1. Installing and Configuring BeEF
      2. Controlling Zombies
      3. BeEF Modules
      4. Standard Browser Exploits
      5. Port Scanning with BeEF
      6. Inter-protocol Exploitation and Communication with BeEF
    4. CAL9000
      1. XSS Attacks, Cheat Sheets, and Checklists
      2. Encoder, Decoders, and Miscellaneous Tools
      3. HTTP Requests/Responses and Automatic Testing
    5. Overview of XSS-Proxy
      1. XSS-Proxy Hijacking Explained
        1. Browser Hijacking Details
          1. Initialization
          2. Command Mode
        2. Attacker Control Interface
      2. Using XSS-Proxy: Examples
        1. Setting Up XSS-Proxy
        2. Injection and Initialization Vectors For XSS-Proxy
          1. HTML Injection
          2. JavaScript Injection
        3. Handoff and CSRF With Hijacks
          1. CSRF
          2. Handoff Hijack to Other Sites
        4. Sage and File:// Hijack With Malicious RSS Feed
    6. Summary
    7. Solutions Fast Track
      1. AttackAPI
      2. BeEF
      3. CAL9000
      4. XSS-Proxy
    8. Frequently Asked Questions
  7. Chapter 5. Web-Based Malware
    1. Introduction
    2. Attacks on the Web
    3. Hacking into Web Sites
    4. Index Hijacking
    5. DNS Poisoning (Pharming)
    6. Malware and the Web: What, Where, and How to Scan
      1. What to Scan
      2. Where to Scan
      3. How to Scan
    7. Parsing and Emulating HTML
    8. Browser Vulnerabilities
    9. Testing HTTP-scanning Solutions
    10. Tangled Legal Web
    11. Summary
    12. Solutions Fast Track
      1. Attacks on the Web
      2. Hacking into Web Sites
      3. Index hijacking
      4. DNS Poisoning (pharming)
      5. What to Scan?
      6. Where to Scan?
      7. How to Scan?
      8. Parsing and Emulating HTML
      9. “JS/Feebs@MM” family
      10. Browser vulnerabilities
      11. Testing of HTTP-scanning Solutions
      12. Tangled Legal Web
    13. Frequently Asked Questions
  8. Chapter 6. Web Server and Web Application Testing with BackTrack
    1. Objectives
    2. Introduction
      1. Web Server Vulnerabilities: A Short History
      2. Web Applications: The New Challenge
      3. Chapter Scope
    3. Approach
      1. Web Server Testing
      2. CGI and Default Pages Testing
      3. Web Application Testing
    4. Core Technologies
      1. Web Server Exploit Basics
        1. What Are We Talking About?
          1. Stack-Based Overflows
          2. Heap-based Overflows
      2. CGI and Default Page Exploitation
      3. Web Application Assessment
        1. Information Gathering Attacks
        2. File System and Directory Traversal Attacks
        3. Command Execution Attacks
        4. Database Query Injection Attacks
        5. Cross-site Scripting Attacks
        6. Impersonation Attacks
        7. Parameter Passing Attacks
    5. Open Source Tools
      1. Intelligence Gathering Tools
      2. Scanning Tools
      3. Assessment Tools
        1. Authentication
        2. Proxy
      4. Exploitation Tools
        1. Metasploit
        2. SQL Injection Tools
          1. DNS Channel
          2. Timing Channel
          3. Requirements
          4. Supported Databases
          5. Example Usage
    6. Case Studies: The Tools in Action
      1. Web Server Assessments
      2. CGI and Default Page Exploitation
      3. Web Application Assessment
  9. Chapter 7. Securing Web Based Services
    1. Introduction
    2. Web Security
      1. Web Server Lockdown
        1. Managing Access Control
        2. Handling Directory and Data Structures
          1. Directory Properties
        3. Eliminating Scripting Vulnerabilities
        4. Logging Activity
        5. Performing Backups
        6. Maintaining Integrity
        7. Finding Rogue Web Servers
      2. Stopping Browser Exploits
        1. Exploitable Browser Characteristics
        2. Cookies
        3. Web Spoofing
        4. Web Server Exploits
      3. SSL and HTTP/S
        1. SSL and TLS
        2. HTTP/S
        3. TLS
        4. S-HTTP
      4. Instant Messaging
        1. Packet Sniffers and Instant Messaging
        2. Text Messaging and Short Message Service (SMS)
      5. Web-based Vulnerabilities
        1. Understanding Java-, JavaScript-, and ActiveX-based Problems
          1. Java
          2. ActiveX
          3. Dangers Associated with Using ActiveX
          4. Avoiding Common ActiveX Vulnerabilities
          5. Lessening the Impact of ActiveX Vulnerabilities
          6. Protection at the Network Level
          7. Protection at the Client Level
          8. JavaScript
        2. Preventing Problems with Java, JavaScript, and ActiveX
        3. Programming Secure Scripts
        4. Code Signing: Solution or More Problems?
        5. Understanding Code Signing
        6. The Benefits of Code Signing
        7. Problems with the Code Signing Process
      6. Buffer Overflows
      7. Making Browsers and E-mail Clients More Secure
        1. Restricting Programming Languages
        2. Keep Security Patches Current
      8. Securing Web Browser Software
        1. Securing Microsoft IE
      9. CGI
        1. What is a CGI Script and What Does It Do?
        2. Typical Uses of CGI Scripts
      10. Break-ins Resulting from Weak CGI Scripts
        1. CGI Wrappers
        2. Nikto
    3. FTP Security
      1. Active and Passive FTP
      2. S/FTP
      3. Secure Copy
      4. Blind FTP/Anonymous
      5. FTP Sharing and Vulnerabilities
      6. Packet Sniffing FTP Transmissions
    4. Directory Services and LDAP Security
      1. LDAP
        1. LDAP Directories
        2. Organizational Units
        3. Objects, Attributes and the Schema
        4. Securing LDAP
    5. Summary
    6. Solutions Fast Track
      1. Web Security
      2. FTP Security
      3. LDAP Security
    7. Frequently Asked Questions