- Broschiertes Buch
- Merkliste
- Auf die Merkliste
- Bewerten Bewerten
- Teilen
- Produkt teilen
- Produkterinnerung
- Produkterinnerung
Among the tests you perform on web applications, security testing is perhaps the most important, yet it's often the most neglected. The recipes in the Web Security Testing Cookbook demonstrate how developers and testers can check for the most common web security issues, while conducting unit tests, regression tests, or exploratory tests. Unlike ad hoc security assessments, these recipes are repeatable, concise, and systematic-perfect for integrating into your regular test suite.
Recipes cover the basics from observing messages between clients and servers to multi-phase tests that script the…mehr
Andere Kunden interessierten sich auch für
- Nitesh DhanjaniHacking: The Next Generation35,99 €
- Leigh MetcalfCybersecurity and Applied Mathematics75,99 €
- Sanjib SinhaBug Bounty Hunting for Web Security42,99 €
- Ron LepofskyThe Manager's Guide to Web Application Security74,99 €
- Jon EricksonHacking61,50 €
- Dominik SchadowJava-Web-Security32,90 €
- Violet BlueThe Smart Girl's Guide to Privacy16,99 €
-
-
-
Among the tests you perform on web applications, security testing is perhaps the most important, yet it's often the most neglected. The recipes in the Web Security Testing Cookbook demonstrate how developers and testers can check for the most common web security issues, while conducting unit tests, regression tests, or exploratory tests. Unlike ad hoc security assessments, these recipes are repeatable, concise, and systematic-perfect for integrating into your regular test suite.
Recipes cover the basics from observing messages between clients and servers to multi-phase tests that script the login and execution of web application features. By the end of the book, you'll be able to build tests pinpointed at Ajax functions, as well as large multi-step tests for the usual suspects: cross-site scripting and injection attacks. This book helps you:
Obtain, install, and configure useful-and free-security testing tools
Understand how your application communicates with users, so you can better simulate attacks in your tests
Choose from many different methods that simulate common attacks such as SQL injection, cross-site scripting, and manipulating hidden form fields
Make your tests repeatable by using the scripts and examples in the recipes as starting points for automated tests
Don't live in dread of the midnight phone call telling you that your site has been hacked. With Web Security Testing Cookbook and the free tools used in the book's examples, you can incorporate security coverage into your test suite, and sleep in peace.
Hinweis: Dieser Artikel kann nur an eine deutsche Lieferadresse ausgeliefert werden.
Recipes cover the basics from observing messages between clients and servers to multi-phase tests that script the login and execution of web application features. By the end of the book, you'll be able to build tests pinpointed at Ajax functions, as well as large multi-step tests for the usual suspects: cross-site scripting and injection attacks. This book helps you:
Obtain, install, and configure useful-and free-security testing tools
Understand how your application communicates with users, so you can better simulate attacks in your tests
Choose from many different methods that simulate common attacks such as SQL injection, cross-site scripting, and manipulating hidden form fields
Make your tests repeatable by using the scripts and examples in the recipes as starting points for automated tests
Don't live in dread of the midnight phone call telling you that your site has been hacked. With Web Security Testing Cookbook and the free tools used in the book's examples, you can incorporate security coverage into your test suite, and sleep in peace.
Hinweis: Dieser Artikel kann nur an eine deutsche Lieferadresse ausgeliefert werden.
Produktdetails
- Produktdetails
- Verlag: O'Reilly Media
- Seitenzahl: 312
- Erscheinungstermin: 25. November 2008
- Englisch
- Abmessung: 231mm x 179mm x 20mm
- Gewicht: 430g
- ISBN-13: 9780596514839
- ISBN-10: 0596514832
- Artikelnr.: 23607189
- Herstellerkennzeichnung
- Libri GmbH
- Europaallee 1
- 36244 Bad Hersfeld
- 06621 890
- Verlag: O'Reilly Media
- Seitenzahl: 312
- Erscheinungstermin: 25. November 2008
- Englisch
- Abmessung: 231mm x 179mm x 20mm
- Gewicht: 430g
- ISBN-13: 9780596514839
- ISBN-10: 0596514832
- Artikelnr.: 23607189
- Herstellerkennzeichnung
- Libri GmbH
- Europaallee 1
- 36244 Bad Hersfeld
- 06621 890
Paco Hope is a Technical Manager at Cigital, Inc. and co-author of Mastering FreeBSD and OpenBSD Security (April 2005, O'Reilly, ISBN 0596006268). Mr. Hope has also published articles on Misuse and Abuse Cases and PKI. He has been invited to conferences to speak on topics such as software security re-quirements, web application security, and embedded system security. At Cigi-tal, he has served as a subject matter expert to MasterCard International for security policies and has assisted a Fortune 500 hospitality company in writ-ing software security policy. He also trains software developers and testers in the fundamentals of software security. In the gaming and mobile communica-tions industries he has advised several companies on software security. Mr. Hope majored in Computer Science and English at The College of William and Mary and received an M.S. in Computer Science from the University of Virginia. Ben Walther is a consultant at Cigital and contributor to the Edit Cookies tool. He has a hand in both normal Quality Assurance and Software Security. Day to day, he designs and executes tests - and so he understands the need for simple recipes, in the hectic QA world. Yet he has also given talks on web ap-plication testing tools to members of the Open Web Application Security Pro-ject (OWASP). Through Cigital, he tests systems ranging from financial data processing to slot machines. Mr. Walther has a B.S. in Information Science from Cornell University.
Foreword
Preface
Who This Book Is For
Leveraging Free Tools
About the Cover
Organization
Conventions Used in This Book
Using Code Examples
Safari® Books Online
Comments and Questions
Acknowledgments
Chapter 1: Introduction
1.1 What Is Security Testing?
1.2 What Are Web Applications?
1.3 Web Application Fundamentals
1.4 Web App Security Testing
1.5 It's About the How
Chapter 2: Installing Some Free Tools
2.1 Installing Firefox
2.2 Installing Firefox Extensions
2.3 Installing Firebug
2.4 Installing OWASP's WebScarab
2.5 Installing Perl and Packages on Windows
2.6 Installing Perl and Using CPAN on Linux, Unix, or OS X
2.7 Installing CAL9000
2.8 Installing the ViewState Decoder
2.9 Installing cURL
2.10 Installing Pornzilla
2.11 Installing Cygwin
2.12 Installing Nikto 2
2.13 Installing Burp Suite
2.14 Installing Apache HTTP Server
Chapter 3: Basic Observation
3.1 Viewing a Page's HTML Source
3.2 Viewing the Source, Advanced
3.3 Observing Live Request Headers with Firebug
3.4 Observing Live Post Data with WebScarab
3.5 Seeing Hidden Form Fields
3.6 Observing Live Response Headers with TamperData
3.7 Highlighting JavaScript and Comments
3.8 Detecting JavaScript Events
3.9 Modifying Specific Element Attributes
3.10 Track Element Attributes Dynamically
3.11 Conclusion
Chapter 4: Web-Oriented Data Encoding
4.1 Recognizing Binary Data Representations
4.2 Working with Base 64
4.3 Converting Base-36 Numbers in a Web Page
4.4 Working with Base 36 in Perl
4.5 Working with URL-Encoded Data
4.6 Working with HTML Entity Data
4.7 Calculating Hashes
4.8 Recognizing Time Formats
4.9 Encoding Time Values Programmatically
4.10 Decoding ASP.NET's ViewState
4.11 Decoding Multiple Encodings
Chapter 5: Tampering with Input
5.1 Intercepting and Modifying POST Requests
5.2 Bypassing Input Limits
5.3 Tampering with the URL
5.4 Automating URL Tampering
5.5 Testing URL-Length Handling
5.6 Editing Cookies
5.7 Falsifying Browser Header Information
5.8 Uploading Files with Malicious Names
5.9 Uploading Large Files
5.10 Uploading Malicious XML Entity Files
5.11 Uploading Malicious XML Structure
5.12 Uploading Malicious ZIP Files
5.13 Uploading Sample Virus Files
5.14 Bypassing User-Interface Restrictions
Chapter 6: Automated Bulk Scanning
6.1 Spidering a Website with WebScarab
6.2 Turning Spider Results into an Inventory
6.3 Reducing the URLs to Test
6.4 Using a Spreadsheet to Pare Down the List
6.5 Mirroring a Website with LWP
6.6 Mirroring a Website with wget
6.7 Mirroring a Specific Inventory with wget
6.8 Scanning a Website with Nikto
6.9 Interpretting Nikto's Results
6.10 Scan an HTTPS Site with Nikto
6.11 Using Nikto with Authentication
6.12 Start Nikto at a Specific Starting Point
6.13 Using a Specific Session Cookie with Nikto
6.14 Testing Web Services with WSFuzzer
6.15 Interpreting WSFuzzer's Results
Chapter 7: Automating Specific Tasks with cURL
7.1 Fetching a Page with cURL
7.2 Fetching Many Variations on a URL
7.3 Following Redirects Automatically
7.4 Checking for Cross-Site Scripting with cURL
7.5 Checking for Directory Traversal with cURL
7.6 Impersonating a Specific Kind of Web Browser or Device
7.7 Interactively Impersonating Another Device
7.8 Imitating a Search Engine with cURL
7.9 Faking Workflow by Forging Referer Headers
7.10 Fetching Only the HTTP Headers
7.11 POSTing with cURL
7.12 Maintaining Session State
7.13 Manipulating Cookies
7.14 Uploading a File with cURL
7.15 Building a Multistage Test Case
7.16 Conclusion
Chapter 8: Automating with LibWWWPerl
8.1 Writing a Basic Perl Script to Fetch a Page
8.2 Programmatically Changing Parameters
8.3 Simulating Form Input with POST
8.4 Capturing and Storing Cookies
8.5 Checking Session Expiration
8.6 Testing Session Fixation
8.7 Sending Malicious Cookie Values
8.8 Uploading Malicious File Contents
8.9 Uploading Files with Malicious Names
8.10 Uploading Viruses to Applications
8.11 Parsing for a Received Value with Perl
8.12 Editing a Page Programmatically
8.13 Using Threading for Performance
Chapter 9: Seeking Design Flaws
9.1 Bypassing Required Navigation
9.2 Attempting Privileged Operations
9.3 Abusing Password Recovery
9.4 Abusing Predictable Identifiers
9.5 Predicting Credentials
9.6 Finding Random Numbers in Your Application
9.7 Testing Random Numbers
9.8 Abusing Repeatability
9.9 Abusing High-Load Actions
9.10 Abusing Restrictive Functionality
9.11 Abusing Race Conditions
Chapter 10: Attacking AJAX
10.1 Observing Live AJAX Requests
10.2 Identifying JavaScript in Applications
10.3 Tracing AJAX Activity Back to Its Source
10.4 Intercepting and Modifying AJAX Requests
10.5 Intercepting and Modifying Server Responses
10.6 Subverting AJAX with Injected Data
10.7 Subverting AJAX with Injected XML
10.8 Subverting AJAX with Injected JSON
10.9 Disrupting Client State
10.10 Checking for Cross-Domain Access
10.11 Reading Private Data via JSON Hijacking
Chapter 11: Manipulating Sessions
11.1 Finding Session Identifiers in Cookies
11.2 Finding Session Identifiers in Requests
11.3 Finding Authorization Headers
11.4 Analyzing Session ID Expiration
11.5 Analyzing Session Identifiers with Burp
11.6 Analyzing Session Randomness with WebScarab
11.7 Changing Sessions to Evade Restrictions
11.8 Impersonating Another User
11.9 Fixing Sessions
11.10 Testing for Cross-Site Request Forgery
Chapter 12: Multifaceted Tests
12.1 Stealing Cookies Using XSS
12.2 Creating Overlays Using XSS
12.3 Making HTTP Requests Using XSS
12.4 Attempting DOM-Based XSS Interactively
12.5 Bypassing Field Length Restrictions (XSS)
12.6 Attempting Cross-Site Tracing Interactively
12.7 Modifying Host Headers
12.8 Brute-Force Guessing Usernames and Passwords
12.9 Attempting PHP Include File Injection Interactively
12.10 Creating Decompression Bombs
12.11 Attempting Command Injection Interactively
12.12 Attempting Command Injection Systematically
12.13 Attempting XPath Injection Interactively
12.14 Attempting Server-Side Includes (SSI) Injection Interactively
12.15 Attempting Server-Side Includes (SSI) Injection Systematically
12.16 Attempting LDAP Injection Interactively
12.17 Attempting Log Injection Interactively
Colophon
Preface
Who This Book Is For
Leveraging Free Tools
About the Cover
Organization
Conventions Used in This Book
Using Code Examples
Safari® Books Online
Comments and Questions
Acknowledgments
Chapter 1: Introduction
1.1 What Is Security Testing?
1.2 What Are Web Applications?
1.3 Web Application Fundamentals
1.4 Web App Security Testing
1.5 It's About the How
Chapter 2: Installing Some Free Tools
2.1 Installing Firefox
2.2 Installing Firefox Extensions
2.3 Installing Firebug
2.4 Installing OWASP's WebScarab
2.5 Installing Perl and Packages on Windows
2.6 Installing Perl and Using CPAN on Linux, Unix, or OS X
2.7 Installing CAL9000
2.8 Installing the ViewState Decoder
2.9 Installing cURL
2.10 Installing Pornzilla
2.11 Installing Cygwin
2.12 Installing Nikto 2
2.13 Installing Burp Suite
2.14 Installing Apache HTTP Server
Chapter 3: Basic Observation
3.1 Viewing a Page's HTML Source
3.2 Viewing the Source, Advanced
3.3 Observing Live Request Headers with Firebug
3.4 Observing Live Post Data with WebScarab
3.5 Seeing Hidden Form Fields
3.6 Observing Live Response Headers with TamperData
3.7 Highlighting JavaScript and Comments
3.8 Detecting JavaScript Events
3.9 Modifying Specific Element Attributes
3.10 Track Element Attributes Dynamically
3.11 Conclusion
Chapter 4: Web-Oriented Data Encoding
4.1 Recognizing Binary Data Representations
4.2 Working with Base 64
4.3 Converting Base-36 Numbers in a Web Page
4.4 Working with Base 36 in Perl
4.5 Working with URL-Encoded Data
4.6 Working with HTML Entity Data
4.7 Calculating Hashes
4.8 Recognizing Time Formats
4.9 Encoding Time Values Programmatically
4.10 Decoding ASP.NET's ViewState
4.11 Decoding Multiple Encodings
Chapter 5: Tampering with Input
5.1 Intercepting and Modifying POST Requests
5.2 Bypassing Input Limits
5.3 Tampering with the URL
5.4 Automating URL Tampering
5.5 Testing URL-Length Handling
5.6 Editing Cookies
5.7 Falsifying Browser Header Information
5.8 Uploading Files with Malicious Names
5.9 Uploading Large Files
5.10 Uploading Malicious XML Entity Files
5.11 Uploading Malicious XML Structure
5.12 Uploading Malicious ZIP Files
5.13 Uploading Sample Virus Files
5.14 Bypassing User-Interface Restrictions
Chapter 6: Automated Bulk Scanning
6.1 Spidering a Website with WebScarab
6.2 Turning Spider Results into an Inventory
6.3 Reducing the URLs to Test
6.4 Using a Spreadsheet to Pare Down the List
6.5 Mirroring a Website with LWP
6.6 Mirroring a Website with wget
6.7 Mirroring a Specific Inventory with wget
6.8 Scanning a Website with Nikto
6.9 Interpretting Nikto's Results
6.10 Scan an HTTPS Site with Nikto
6.11 Using Nikto with Authentication
6.12 Start Nikto at a Specific Starting Point
6.13 Using a Specific Session Cookie with Nikto
6.14 Testing Web Services with WSFuzzer
6.15 Interpreting WSFuzzer's Results
Chapter 7: Automating Specific Tasks with cURL
7.1 Fetching a Page with cURL
7.2 Fetching Many Variations on a URL
7.3 Following Redirects Automatically
7.4 Checking for Cross-Site Scripting with cURL
7.5 Checking for Directory Traversal with cURL
7.6 Impersonating a Specific Kind of Web Browser or Device
7.7 Interactively Impersonating Another Device
7.8 Imitating a Search Engine with cURL
7.9 Faking Workflow by Forging Referer Headers
7.10 Fetching Only the HTTP Headers
7.11 POSTing with cURL
7.12 Maintaining Session State
7.13 Manipulating Cookies
7.14 Uploading a File with cURL
7.15 Building a Multistage Test Case
7.16 Conclusion
Chapter 8: Automating with LibWWWPerl
8.1 Writing a Basic Perl Script to Fetch a Page
8.2 Programmatically Changing Parameters
8.3 Simulating Form Input with POST
8.4 Capturing and Storing Cookies
8.5 Checking Session Expiration
8.6 Testing Session Fixation
8.7 Sending Malicious Cookie Values
8.8 Uploading Malicious File Contents
8.9 Uploading Files with Malicious Names
8.10 Uploading Viruses to Applications
8.11 Parsing for a Received Value with Perl
8.12 Editing a Page Programmatically
8.13 Using Threading for Performance
Chapter 9: Seeking Design Flaws
9.1 Bypassing Required Navigation
9.2 Attempting Privileged Operations
9.3 Abusing Password Recovery
9.4 Abusing Predictable Identifiers
9.5 Predicting Credentials
9.6 Finding Random Numbers in Your Application
9.7 Testing Random Numbers
9.8 Abusing Repeatability
9.9 Abusing High-Load Actions
9.10 Abusing Restrictive Functionality
9.11 Abusing Race Conditions
Chapter 10: Attacking AJAX
10.1 Observing Live AJAX Requests
10.2 Identifying JavaScript in Applications
10.3 Tracing AJAX Activity Back to Its Source
10.4 Intercepting and Modifying AJAX Requests
10.5 Intercepting and Modifying Server Responses
10.6 Subverting AJAX with Injected Data
10.7 Subverting AJAX with Injected XML
10.8 Subverting AJAX with Injected JSON
10.9 Disrupting Client State
10.10 Checking for Cross-Domain Access
10.11 Reading Private Data via JSON Hijacking
Chapter 11: Manipulating Sessions
11.1 Finding Session Identifiers in Cookies
11.2 Finding Session Identifiers in Requests
11.3 Finding Authorization Headers
11.4 Analyzing Session ID Expiration
11.5 Analyzing Session Identifiers with Burp
11.6 Analyzing Session Randomness with WebScarab
11.7 Changing Sessions to Evade Restrictions
11.8 Impersonating Another User
11.9 Fixing Sessions
11.10 Testing for Cross-Site Request Forgery
Chapter 12: Multifaceted Tests
12.1 Stealing Cookies Using XSS
12.2 Creating Overlays Using XSS
12.3 Making HTTP Requests Using XSS
12.4 Attempting DOM-Based XSS Interactively
12.5 Bypassing Field Length Restrictions (XSS)
12.6 Attempting Cross-Site Tracing Interactively
12.7 Modifying Host Headers
12.8 Brute-Force Guessing Usernames and Passwords
12.9 Attempting PHP Include File Injection Interactively
12.10 Creating Decompression Bombs
12.11 Attempting Command Injection Interactively
12.12 Attempting Command Injection Systematically
12.13 Attempting XPath Injection Interactively
12.14 Attempting Server-Side Includes (SSI) Injection Interactively
12.15 Attempting Server-Side Includes (SSI) Injection Systematically
12.16 Attempting LDAP Injection Interactively
12.17 Attempting Log Injection Interactively
Colophon
Foreword
Preface
Who This Book Is For
Leveraging Free Tools
About the Cover
Organization
Conventions Used in This Book
Using Code Examples
Safari® Books Online
Comments and Questions
Acknowledgments
Chapter 1: Introduction
1.1 What Is Security Testing?
1.2 What Are Web Applications?
1.3 Web Application Fundamentals
1.4 Web App Security Testing
1.5 It's About the How
Chapter 2: Installing Some Free Tools
2.1 Installing Firefox
2.2 Installing Firefox Extensions
2.3 Installing Firebug
2.4 Installing OWASP's WebScarab
2.5 Installing Perl and Packages on Windows
2.6 Installing Perl and Using CPAN on Linux, Unix, or OS X
2.7 Installing CAL9000
2.8 Installing the ViewState Decoder
2.9 Installing cURL
2.10 Installing Pornzilla
2.11 Installing Cygwin
2.12 Installing Nikto 2
2.13 Installing Burp Suite
2.14 Installing Apache HTTP Server
Chapter 3: Basic Observation
3.1 Viewing a Page's HTML Source
3.2 Viewing the Source, Advanced
3.3 Observing Live Request Headers with Firebug
3.4 Observing Live Post Data with WebScarab
3.5 Seeing Hidden Form Fields
3.6 Observing Live Response Headers with TamperData
3.7 Highlighting JavaScript and Comments
3.8 Detecting JavaScript Events
3.9 Modifying Specific Element Attributes
3.10 Track Element Attributes Dynamically
3.11 Conclusion
Chapter 4: Web-Oriented Data Encoding
4.1 Recognizing Binary Data Representations
4.2 Working with Base 64
4.3 Converting Base-36 Numbers in a Web Page
4.4 Working with Base 36 in Perl
4.5 Working with URL-Encoded Data
4.6 Working with HTML Entity Data
4.7 Calculating Hashes
4.8 Recognizing Time Formats
4.9 Encoding Time Values Programmatically
4.10 Decoding ASP.NET's ViewState
4.11 Decoding Multiple Encodings
Chapter 5: Tampering with Input
5.1 Intercepting and Modifying POST Requests
5.2 Bypassing Input Limits
5.3 Tampering with the URL
5.4 Automating URL Tampering
5.5 Testing URL-Length Handling
5.6 Editing Cookies
5.7 Falsifying Browser Header Information
5.8 Uploading Files with Malicious Names
5.9 Uploading Large Files
5.10 Uploading Malicious XML Entity Files
5.11 Uploading Malicious XML Structure
5.12 Uploading Malicious ZIP Files
5.13 Uploading Sample Virus Files
5.14 Bypassing User-Interface Restrictions
Chapter 6: Automated Bulk Scanning
6.1 Spidering a Website with WebScarab
6.2 Turning Spider Results into an Inventory
6.3 Reducing the URLs to Test
6.4 Using a Spreadsheet to Pare Down the List
6.5 Mirroring a Website with LWP
6.6 Mirroring a Website with wget
6.7 Mirroring a Specific Inventory with wget
6.8 Scanning a Website with Nikto
6.9 Interpretting Nikto's Results
6.10 Scan an HTTPS Site with Nikto
6.11 Using Nikto with Authentication
6.12 Start Nikto at a Specific Starting Point
6.13 Using a Specific Session Cookie with Nikto
6.14 Testing Web Services with WSFuzzer
6.15 Interpreting WSFuzzer's Results
Chapter 7: Automating Specific Tasks with cURL
7.1 Fetching a Page with cURL
7.2 Fetching Many Variations on a URL
7.3 Following Redirects Automatically
7.4 Checking for Cross-Site Scripting with cURL
7.5 Checking for Directory Traversal with cURL
7.6 Impersonating a Specific Kind of Web Browser or Device
7.7 Interactively Impersonating Another Device
7.8 Imitating a Search Engine with cURL
7.9 Faking Workflow by Forging Referer Headers
7.10 Fetching Only the HTTP Headers
7.11 POSTing with cURL
7.12 Maintaining Session State
7.13 Manipulating Cookies
7.14 Uploading a File with cURL
7.15 Building a Multistage Test Case
7.16 Conclusion
Chapter 8: Automating with LibWWWPerl
8.1 Writing a Basic Perl Script to Fetch a Page
8.2 Programmatically Changing Parameters
8.3 Simulating Form Input with POST
8.4 Capturing and Storing Cookies
8.5 Checking Session Expiration
8.6 Testing Session Fixation
8.7 Sending Malicious Cookie Values
8.8 Uploading Malicious File Contents
8.9 Uploading Files with Malicious Names
8.10 Uploading Viruses to Applications
8.11 Parsing for a Received Value with Perl
8.12 Editing a Page Programmatically
8.13 Using Threading for Performance
Chapter 9: Seeking Design Flaws
9.1 Bypassing Required Navigation
9.2 Attempting Privileged Operations
9.3 Abusing Password Recovery
9.4 Abusing Predictable Identifiers
9.5 Predicting Credentials
9.6 Finding Random Numbers in Your Application
9.7 Testing Random Numbers
9.8 Abusing Repeatability
9.9 Abusing High-Load Actions
9.10 Abusing Restrictive Functionality
9.11 Abusing Race Conditions
Chapter 10: Attacking AJAX
10.1 Observing Live AJAX Requests
10.2 Identifying JavaScript in Applications
10.3 Tracing AJAX Activity Back to Its Source
10.4 Intercepting and Modifying AJAX Requests
10.5 Intercepting and Modifying Server Responses
10.6 Subverting AJAX with Injected Data
10.7 Subverting AJAX with Injected XML
10.8 Subverting AJAX with Injected JSON
10.9 Disrupting Client State
10.10 Checking for Cross-Domain Access
10.11 Reading Private Data via JSON Hijacking
Chapter 11: Manipulating Sessions
11.1 Finding Session Identifiers in Cookies
11.2 Finding Session Identifiers in Requests
11.3 Finding Authorization Headers
11.4 Analyzing Session ID Expiration
11.5 Analyzing Session Identifiers with Burp
11.6 Analyzing Session Randomness with WebScarab
11.7 Changing Sessions to Evade Restrictions
11.8 Impersonating Another User
11.9 Fixing Sessions
11.10 Testing for Cross-Site Request Forgery
Chapter 12: Multifaceted Tests
12.1 Stealing Cookies Using XSS
12.2 Creating Overlays Using XSS
12.3 Making HTTP Requests Using XSS
12.4 Attempting DOM-Based XSS Interactively
12.5 Bypassing Field Length Restrictions (XSS)
12.6 Attempting Cross-Site Tracing Interactively
12.7 Modifying Host Headers
12.8 Brute-Force Guessing Usernames and Passwords
12.9 Attempting PHP Include File Injection Interactively
12.10 Creating Decompression Bombs
12.11 Attempting Command Injection Interactively
12.12 Attempting Command Injection Systematically
12.13 Attempting XPath Injection Interactively
12.14 Attempting Server-Side Includes (SSI) Injection Interactively
12.15 Attempting Server-Side Includes (SSI) Injection Systematically
12.16 Attempting LDAP Injection Interactively
12.17 Attempting Log Injection Interactively
Colophon
Preface
Who This Book Is For
Leveraging Free Tools
About the Cover
Organization
Conventions Used in This Book
Using Code Examples
Safari® Books Online
Comments and Questions
Acknowledgments
Chapter 1: Introduction
1.1 What Is Security Testing?
1.2 What Are Web Applications?
1.3 Web Application Fundamentals
1.4 Web App Security Testing
1.5 It's About the How
Chapter 2: Installing Some Free Tools
2.1 Installing Firefox
2.2 Installing Firefox Extensions
2.3 Installing Firebug
2.4 Installing OWASP's WebScarab
2.5 Installing Perl and Packages on Windows
2.6 Installing Perl and Using CPAN on Linux, Unix, or OS X
2.7 Installing CAL9000
2.8 Installing the ViewState Decoder
2.9 Installing cURL
2.10 Installing Pornzilla
2.11 Installing Cygwin
2.12 Installing Nikto 2
2.13 Installing Burp Suite
2.14 Installing Apache HTTP Server
Chapter 3: Basic Observation
3.1 Viewing a Page's HTML Source
3.2 Viewing the Source, Advanced
3.3 Observing Live Request Headers with Firebug
3.4 Observing Live Post Data with WebScarab
3.5 Seeing Hidden Form Fields
3.6 Observing Live Response Headers with TamperData
3.7 Highlighting JavaScript and Comments
3.8 Detecting JavaScript Events
3.9 Modifying Specific Element Attributes
3.10 Track Element Attributes Dynamically
3.11 Conclusion
Chapter 4: Web-Oriented Data Encoding
4.1 Recognizing Binary Data Representations
4.2 Working with Base 64
4.3 Converting Base-36 Numbers in a Web Page
4.4 Working with Base 36 in Perl
4.5 Working with URL-Encoded Data
4.6 Working with HTML Entity Data
4.7 Calculating Hashes
4.8 Recognizing Time Formats
4.9 Encoding Time Values Programmatically
4.10 Decoding ASP.NET's ViewState
4.11 Decoding Multiple Encodings
Chapter 5: Tampering with Input
5.1 Intercepting and Modifying POST Requests
5.2 Bypassing Input Limits
5.3 Tampering with the URL
5.4 Automating URL Tampering
5.5 Testing URL-Length Handling
5.6 Editing Cookies
5.7 Falsifying Browser Header Information
5.8 Uploading Files with Malicious Names
5.9 Uploading Large Files
5.10 Uploading Malicious XML Entity Files
5.11 Uploading Malicious XML Structure
5.12 Uploading Malicious ZIP Files
5.13 Uploading Sample Virus Files
5.14 Bypassing User-Interface Restrictions
Chapter 6: Automated Bulk Scanning
6.1 Spidering a Website with WebScarab
6.2 Turning Spider Results into an Inventory
6.3 Reducing the URLs to Test
6.4 Using a Spreadsheet to Pare Down the List
6.5 Mirroring a Website with LWP
6.6 Mirroring a Website with wget
6.7 Mirroring a Specific Inventory with wget
6.8 Scanning a Website with Nikto
6.9 Interpretting Nikto's Results
6.10 Scan an HTTPS Site with Nikto
6.11 Using Nikto with Authentication
6.12 Start Nikto at a Specific Starting Point
6.13 Using a Specific Session Cookie with Nikto
6.14 Testing Web Services with WSFuzzer
6.15 Interpreting WSFuzzer's Results
Chapter 7: Automating Specific Tasks with cURL
7.1 Fetching a Page with cURL
7.2 Fetching Many Variations on a URL
7.3 Following Redirects Automatically
7.4 Checking for Cross-Site Scripting with cURL
7.5 Checking for Directory Traversal with cURL
7.6 Impersonating a Specific Kind of Web Browser or Device
7.7 Interactively Impersonating Another Device
7.8 Imitating a Search Engine with cURL
7.9 Faking Workflow by Forging Referer Headers
7.10 Fetching Only the HTTP Headers
7.11 POSTing with cURL
7.12 Maintaining Session State
7.13 Manipulating Cookies
7.14 Uploading a File with cURL
7.15 Building a Multistage Test Case
7.16 Conclusion
Chapter 8: Automating with LibWWWPerl
8.1 Writing a Basic Perl Script to Fetch a Page
8.2 Programmatically Changing Parameters
8.3 Simulating Form Input with POST
8.4 Capturing and Storing Cookies
8.5 Checking Session Expiration
8.6 Testing Session Fixation
8.7 Sending Malicious Cookie Values
8.8 Uploading Malicious File Contents
8.9 Uploading Files with Malicious Names
8.10 Uploading Viruses to Applications
8.11 Parsing for a Received Value with Perl
8.12 Editing a Page Programmatically
8.13 Using Threading for Performance
Chapter 9: Seeking Design Flaws
9.1 Bypassing Required Navigation
9.2 Attempting Privileged Operations
9.3 Abusing Password Recovery
9.4 Abusing Predictable Identifiers
9.5 Predicting Credentials
9.6 Finding Random Numbers in Your Application
9.7 Testing Random Numbers
9.8 Abusing Repeatability
9.9 Abusing High-Load Actions
9.10 Abusing Restrictive Functionality
9.11 Abusing Race Conditions
Chapter 10: Attacking AJAX
10.1 Observing Live AJAX Requests
10.2 Identifying JavaScript in Applications
10.3 Tracing AJAX Activity Back to Its Source
10.4 Intercepting and Modifying AJAX Requests
10.5 Intercepting and Modifying Server Responses
10.6 Subverting AJAX with Injected Data
10.7 Subverting AJAX with Injected XML
10.8 Subverting AJAX with Injected JSON
10.9 Disrupting Client State
10.10 Checking for Cross-Domain Access
10.11 Reading Private Data via JSON Hijacking
Chapter 11: Manipulating Sessions
11.1 Finding Session Identifiers in Cookies
11.2 Finding Session Identifiers in Requests
11.3 Finding Authorization Headers
11.4 Analyzing Session ID Expiration
11.5 Analyzing Session Identifiers with Burp
11.6 Analyzing Session Randomness with WebScarab
11.7 Changing Sessions to Evade Restrictions
11.8 Impersonating Another User
11.9 Fixing Sessions
11.10 Testing for Cross-Site Request Forgery
Chapter 12: Multifaceted Tests
12.1 Stealing Cookies Using XSS
12.2 Creating Overlays Using XSS
12.3 Making HTTP Requests Using XSS
12.4 Attempting DOM-Based XSS Interactively
12.5 Bypassing Field Length Restrictions (XSS)
12.6 Attempting Cross-Site Tracing Interactively
12.7 Modifying Host Headers
12.8 Brute-Force Guessing Usernames and Passwords
12.9 Attempting PHP Include File Injection Interactively
12.10 Creating Decompression Bombs
12.11 Attempting Command Injection Interactively
12.12 Attempting Command Injection Systematically
12.13 Attempting XPath Injection Interactively
12.14 Attempting Server-Side Includes (SSI) Injection Interactively
12.15 Attempting Server-Side Includes (SSI) Injection Systematically
12.16 Attempting LDAP Injection Interactively
12.17 Attempting Log Injection Interactively
Colophon