W

.war files, 85
Watchfire AppScan 6, 449–450, 451
Watchfire PowerTools, 22–23
See also HTTP proxies
Wayback Machine method, 315–319
web app hacking
defined, 2
older tools, 24
who hackers are, 10
web application security scanners, 436–437
Acunetix Enterprise Web Vulnerability Scanner (WVS) 3.0, 443–444
Burp Suite 1.01, 451–453
Cenzic Hailstorm 3.0, 444–445
Compuware DevPartner SecurityChecker 2.0, 453–455
Ecyware GreenBlue Inspector 1.5, 445–446
nontechnical issues, 459–462
N-Stalker N-Stealth 5.8, 450–451, 452
SPI Dynamics WebInspect 5.8, 448–449
Syhunt Sandcat Suite 1.6.2.1, 447–448
test results, 455–459
testbed, 437–438
tests, 438–443
Watchfire AppScan 6, 449–450, 451
web applications
defined, 2
reasons for attacking, 9–10
resources, 67
weak spots, 10–11
web authentication services, 142–146
web browsers, 12–13, 472
low-privilege browsing, 359–360
See also browser extensions
web clients
adware and spyware, 350–353
design liabilities, 338–345
exploits, 332–333
general countermeasures, 353–354
and HTML, 78
implementation vulnerabilities, 333–338
phishing, 346–350
security zones, 354–358
server-side countermeasures, 360–361
trickery, 346
web content management, 297
developer-driven mistakes, 321–327
FrontPage, 298–300
FrontPage VSRAD buffer overflow, 300–301
FTP, 297
hacking ViewState, 323–327
IIS HTR Chunked Encoding Heap Overflow, 309–310
include file disclosure, 322–323
information leakage, 312–321
SSH/scp, 297
unnecessary web server extensions, 308–309
web server extension countermeasures, 310–312
WebDAV, 301–308
web crawling
automated, 65–66
tools, 66–70, 473
Web Distributed Authoring and Versioning. See WebDAV
web platforms, 80
security best practices, 102–117
web services, 8
authentication, 287–288
defined, 268–269
DISCO, 277–279
DISCO and WSDL disclosure attacks, 279–281
external entity attacks, 283–285
injection attacks, 281–283
similarities to web application security, 279
SOAP over HTTP(S), 269–271
and SSL, 288
tools, 476
UDDI, 275–277
WSDL, 271–274
WS-Security, 288–290
XML security, 288
XPath injection attacks, 285–287
web site, companion to this book, 508
WebCracker, 126, 127
WebDAV, 8
countermeasures to attacks, 306–308
methods that can be abused, 302
tools, 476
vulnerabilities, 301–306
WebInsta Mailing List manager, 94–95
WebScarab, 18–19, 20
See also HTTP proxies
WebService Studio, 271
WebSphere, 74
Wget, 68–69
white box, 398
See also full-knowledge analysis
Windows Defender, 352
Windows OneCare, 352
worms
Code Red, 104
Lupper/Plupii, 90
Nimda, 104
WSDigger, 271
WSDL, 271–274
disclosure attacks, 279–281
WS-Security, 288–290


Hacking Exposed Web Applications
HACKING EXPOSED WEB APPLICATIONS, 3rd Edition
ISBN: 0071740643
EAN: 2147483647
Year: 2006
Pages: 127
