References And Further Reading

General References

| Reference | Link |
|---|---|
| "Brute Force Exploitation of Web Application Session IDs" by David Endler | http://downloads.securityfocus.com/library/SessionIDs.pdf |
| "Session Fixation Vulnerability in Web-based Applications" by ACROS Security | http://www.acros.si/papers/session_fixation.pdf |
| Role Based Access Control | http://csrc.nist.gov/rbac/ |
| PHP Security | http://www.php.net/manual/security.php |

Apache Authn/Authz Resources

| Reference | Link |
|---|---|
| Apache 2.2 Authentication, Authorization and Access Control | http://httpd.apache.org/docs/2.2/howto/auth.html |
| Apache suEXEC, approximates impersonation | http://httpd.apache.org/docs/1.3/suexec.html |

IIS Authn/Authz Resources

| Reference | Link |
|---|---|
| "IIS Authentication" from MSDN | http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vsent7/html/vxconIISAuthentication.asp |
| "How IIS Authenticates Browser Clients" | http://support.microsoft.com/?kbid=264921 |
| "How To Configure IIS Web Site Authentication in Windows Server 2003" | http://support.microsoft.com/kb/324274/ |
| "NTLM Authentication Scheme for HTTP" | http://www.innovation.ch/personal/ronald/ntlm.html |
| "How To: Use Windows Authentication in ASP.NET 2.0" (good technical coverage of authz) | http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000025.asp |
| "How To: Protect Forms Authentication in ASP.NET 2.0" | http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000025.asp |
| "How To: Encrypt Configuration Sections in ASP.NET 2.0 Using DPAPI" | http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000005.asp |
| "How To: Encrypt Configuration Sections in ASP.NET 2.0 Using RSA" | http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000006.asp |
| Microsoft Authorization Manager (AzMan) whitepaper | http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/management/athmanwp.mspx |
| .NET ViewState Overview | http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaspnet/html/asp11222001.asp |

Tools

| Reference | Link |
|---|---|
| Offline Explorer Pro | http://www.metaproducts.com |
| WebScarab | http://www.owasp.org/software/webscarab.html |
| SPI Dynamics' SPI ToolKit | http://www.spidynamics.com/products/webinspect/toolkit.html |

Cookies

| Reference | Link |
|---|---|
| RFC 2109, "HTTP State Management Mechanism" (The Cookies RFC) | http://www.ietf.org/rfc/rfc2109.txt |
| Paper detailing cookie analysis, focuses on authentication | http://cookies.lcs.mit.edu/pubs/webauth:sec10.pdf |
| CookieSpy | http://www.codeproject.com/shell/cookiespy.asp |



Hacking Exposed Web Applications, 3rd Edition
ISBN: 0071740643
Year: 2006
Pages: 127
