C

caching devices, 386
CACLS, 108–109
canonicalization (dot-dot-slash), 215–220
countermeasure, 220
CAPTCHAs, 129
denial-of-revenue attacks, 382–383
phpBB DoS vulnerabilities, 378
and threat mitigation strategies, 406–407
user registration attacks, 149–151
capture/replay, 184
case studies, authorization attacks, 185–199
Cenzic Hailstorm 3.0, 444–445
challenge-response authentication model, 132
chrooting Apache, 112–113
client-side analysis, tools and techniques, 482
client-side piggybacking, 152
code analysis, tools, 474
Code Red worm, 104
code review, 407
authorization mistakes in code, 412–413
automated, 414, 415
binary analysis, 414–423
debug mistakes in code, 413–414
manual, 408–414
poor input handling, 409–411
poor SQL statement composition, 411–412
secrets in code, 412
combos, 369
command execution, 226–228
command-line tools, 473
Curl, 23
netcat, 23
comments, 52–53
common off-the-shelf software. See COTS
Common Vulnerability Scoring System (CVSS), 405
Compuware DevPartner SecurityChecker 2.0, 453–455
CONNECT command, 37
cookies, 174
bypassing expire times, 177–178
common, 60
hacking, 147148
load balancers, 35
manual tampering attacks against, 175–178
and predefined headers, 223
CookieSpy, 176–177
COTS, 80
COTS session IDs, 162
crawling
automated, 65–66
tools, 66–70, 473
crawling ACLs, 161–162
credential management attacks, 152
cross-site scripting, 221–222
crypto, 166
cultural buy-in, 428
Curl, 23
mapping permissions, 196–199
See also command-line tools
CVSS, 405


HACKING EXPOSED WEB APPLICATIONS, 3rd Edition
ISBN: 0071740643
Year: 2006
Pages: 127
