Finding Canonicalization Issues

The main methodology in testing for canonicalization issues is to determine whether your application makes security decisions based on the name of a resource, and then to try to trick the parser by supplying other representations of that same name. Here are the basic steps to follow when looking for canonicalization issues:

  1. Identify places where your application uses data to make security decisions or presents the user with data to make a security decision.

  2. Try alternate representations of data to see whether you can bypass the check, such as using a forward slash instead of a backslash or tabs instead of spaces.

  3. Use different encodings, which are discussed later in this chapter, to attempt to trick the parser.
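As an added illustration of steps 1 through 3 (this code is not from the book): a constructed path check that decides on the raw string sits beside one that canonicalizes before deciding, and both are run over several spellings of the same path. The document root and the probe paths are assumptions made up for the demonstration.

```python
import posixpath
from urllib.parse import unquote

# Constructed document root for the demonstration (an assumption, not from the book).
PUBLIC_ROOT = "/var/www/public"

def naive_is_allowed(requested: str) -> bool:
    """Decide on the raw name: rejects only the literal '..' and a missing prefix."""
    return ".." not in requested and requested.startswith(PUBLIC_ROOT)

def canonical_is_allowed(requested: str) -> bool:
    """Canonicalize first, decide second."""
    decoded = requested
    for _ in range(3):  # unwind nested percent-encoding until the text is stable
        once = unquote(decoded)
        if once == decoded:
            break
        decoded = once
    decoded = decoded.replace("\\", "/")  # one separator convention
    canonical = posixpath.normpath(decoded)  # collapse '.', '..' and '//'
    # Compare on a directory boundary so a sibling such as /var/www/public_old is outside.
    # Real code should also resolve on the filesystem (os.path.realpath) so a symlink
    # cannot re-introduce an alias that string canonicalization cannot see.
    return canonical == PUBLIC_ROOT or canonical.startswith(PUBLIC_ROOT + "/")

def compare(requested: str) -> tuple[bool, bool]:
    """Return (naive verdict, canonical verdict) for one spelling of a path."""
    return naive_is_allowed(requested), canonical_is_allowed(requested)

# Constructed probe inputs: different spellings of the same path, per the steps above.
PROBES = [
    "/var/www/public/index.html",  # ordinary spelling: both allow
    "/var/www/public/../private/secret.txt",  # literal '..': both deny
    "/var/www/public/%2e%2e/private/secret.txt",  # percent-encoded dots
    "/var/www/public\\%2e%2e\\private\\secret.txt",  # backslash separators + encoding
    "/var/www/public/%252e%252e/private/secret.txt",  # double-encoded
    "/var/www/public_old/notes.txt",  # sibling directory sharing the prefix
]

if __name__ == "__main__":
    for probe in PROBES:
        naive, canonical = compare(probe)
        verdict = "BYPASS" if naive and not canonical else "ok"
        print(f"{verdict:6} naive={naive!s:5} canonical={canonical!s:5} {probe}")
```

Every row marked BYPASS is a case where the raw-string check and the canonicalized check disagree, which is exactly the signal step 2 and step 3 are looking for.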



Hunting Security Bugs
ISBN: 073562187X
Year: 2004
Pages: 156
