Information Leakage Through HTML

Information Leakage Through HTML

Information leakage through HTML is a subtle issue. You can never pinpoint whether a particular piece of information displayed in the HTML source is dangerous simply by looking at it. A hacker has to take into account the big picture. Because he never knows what the missing pieces are until almost the very end of the puzzle, information derived from source sifting may not be relevant until the other pieces of the puzzle are put in place. The attack on acme-art.com, as discussed in the part opener Case Study, was successful only because the hacker was able to piece together information from HTML comments and hidden fields within forms.

In this chapter, we discuss the common sources of information leakage and what can be done to prevent them. Before we take a look at the fine art of gathering clues, let's quickly review how to use the tools we need for our tasks the browsers.

 



Web Hacking(c) Attacks and Defense
Web Hacking: Attacks and Defense
ISBN: 0201761769
EAN: 2147483647
Year: 2005
Pages: 156

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net