List of Tables
Chapter 2: Profiling
Table 2-1: A Sample Matrix for Documenting Web Application Structure
Table 2-2: Common File Extensions and the Application or Technology That Typically Uses Them
Table 2-3: Common Query String Structure
Table 2-4: Attack Attempts and Implications
Table 2-5: Common Cookies Used by Off-the-shelf Web Software
Chapter 3: Hacking Web Platforms
Table 3-1: The Value of the SERVER_NAME Variable Depends on the Origin of the Request.
Table 3-2: ISAPI Extension Mappings That Should Be Unmapped in a Secure IIS Configuration
Table 3-3: Apache Modules That Are Potential Security Risks and Should Be Considered for Removal
Chapter 4: Web Authentication Attacking
Table 4-1: Common Usernames and Passwords Used in Guessing Attacks (Not Case-sensitive)
Table 4-2: A Summary of the Web Authentication Mechanisms Discussed So Far
Chapter 5: Attacking Web Authorization
Table 5-1: Information Commonly Stored in a Web Application Authorization/Session Token
Table 5-2: Common COTS Session IDs
Table 5-3: Common Session Token Contents
Table 5-4: Numeric Boundaries
Table 5-5: An Example Role Matrix
Table 5-6: Examples of Hidden Form Field Values
Table 5-7: Cookie Information Gleaned from our Fictitious Web Shopping Application
Table 5-8: Differential Analysis Results Produced While Browsing a Web Application While Authenticated As a Standard and Administrative User
Table 5-9: Cookie Values for Both Standard and Admin User Types
Table 5-10: Input Validation Checking Results for the Last Segment of the "jonafid" Cookie
Table 5-11: Results of Manual Parameter Injection to the "menu" Query String Parameter
Chapter 6: Input Validation Attacks
Table 6-1: Common URL Encoding Techniques Used by Attackers
Table 6-2: Popular Characters to Test Input Validation
Chapter 7: Attacking Web Datastores
Table 7-1: Common SQL Instructions
Table 7-2: Common Characters for Identifying SQL Injection Vulnerabilities
Table 7-3: Common Database Error Messages
Table 7-4: Common Parsing Errors
Table 7-5: Numeric Tests
Table 7-6: Alphanumeric Tests
Table 7-7: Alternate Alphanumeric Tests
Table 7-8: Tests to Produce Intentional Errors
Table 7-9: Space Delimiters
Table 7-10: Unicode Space Delimiters
Table 7-11: Characters to Modify a Query
Table 7-12: Useful Stored Procedures to Enumerate System Information
Table 7-13: Extended Procedures That Do Not Require Parameters
Table 7-14: Parameterized Stored Procedures
Table 7-15: System Table Objects
Table 7-16: Master Database Tables
Table 7-17: Language Constructs for Creating Stored Procedures
Chapter 8: Attacking XML Web Services
Table 8-1: Common Private UDDI Locations
Chapter 9: Attacking Web Application Management
Table 9-1: Common Default Web Server Management Ports
Table 9-2: WebDAV Methods That Can Be Abused
Table 9-3: Common HTTP Response Codes
Table 9-4: Common Filenames Used in Guessing Attacks
Chapter 10: Hacking Web Clients
Table 10-1: Selected ActiveX Security Vulnerabilities
Table 10-2: Recommended Internet Zone Security Settings (Custom Level Settings Made After
Chapter 12: Full-Knowledge Analysis
Table 12-1: Tools for Assessing and Improving Code Security
Chapter 13: Web Application Security Scanners
Table 13-1: Web Application Security Scanners We Tested (please contact vendor for custom/volume pricing)
Appendix C: URLScan and ModSecurity
Table C-1: IIS6 Request Restriction Settings Under HKLM\System\CurrentControlSet\Services\HTTP\Parameters
HACKING EXPOSED WEB APPLICATIONS, 3rd Edition
ISBN: 0071740643
EAN: 2147483647
Year: 2006
Pages: 127
Authors: Joel Scambray, Vincent Liu, Caleb Sima
flylib.com © 2008-2017.