Paros Proxy, 18, 19
See also HTTP proxies
passwords
error messages in password change, 123-124
guessing, 124-130
one-time passwords. See one-time passwords
See also authentication
patches, security, 102-103
PEAR/PHP XML-RPC code execution, 90-92
countermeasure, 93
penetration testing, 426-427
permissions, using Curl to map, 196-199
personally identifiable information (PII), 361
phishing, 346-348
countermeasures, 349-350
PHP
best practices, 115-117
global variables, 229-230
phpBB DoS vulnerabilities, 377-378
PHP remote inclusion, 93-95
countermeasure, 95
piggybacking, client-side, 152
point-and-click exploitation, 81-84
ports
common ports used for web management, 481-482
proprietary management ports, 295, 296
POST data, manual tampering attacks against, 171-172
profiling
application, 40-74
banner grabbing, 29-30
BroadVision, 71-72
common web app profiles, 70-74
fingerprinting, 30-32
footprinting, 28-29
infrastructure, 28-40
Lotus Domino, 74
Oracle Application Server, 71
PeopleSoft, 72-74
search tools, 60-65
tools and techniques, 475
and username enumeration, 123
WebSphere, 74
Protected Mode IE (PMIE), 360
proxies
detecting, 36-38
HTTP, 17-23
mega-proxies, 385
reverse, 36-37
standard connect test, 37
standard proxy request, 37-38