Introduction

Recall that a Web application consists of several components, including a front-end Web server, an application server, and a database server. To understand the risk inherent in these components as a whole, you have to analyze and understand the importance and functionality of each of them. In this chapter we describe techniques for identifying and categorizing all the Web resources and technologies used in a Web application.

"Web resources" are objects accessible to the browser via HTTP or HTTP over SSL. A Web resource may be a static HTML file, a program that dynamically generates HTML content, or a client-side applet, among others. We cover several of these resources and their use in this chapter. This material will help you further understand the Web hacker's mindset and how a Web application appears to the hacker.

Understanding Web hacking requires an appreciation for the strong conceptual links between Web resources and their functionality. There is always a purpose behind a particular Web page or resource. Thoroughly understanding that purpose and translating it into security terms can minimize the Web resource's vulnerability, either at the design stage or during implementation. For example, a Web resource that sets a cookie on the client's browser and another Web resource that provides the client with a fill-out form for executing queries have two distinct purposes. The first resource is involved in establishing a user session, using cookies, whereas the second resource is involved in accepting a user's input for creating and executing a database query. Hence the first resource is associated with session management, and the second resource is associated with a database interface. As a result, a security analyst can categorize each resource according to its functional needs. The process of analyzing the collection of Web resources, setting up a relationship between each Web resource and its functionality, and deriving an overall picture of the components based on functional groups is known as linkage analysis. It justifies the existence of a particular resource for the specific function that it aims to provide.
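As an added illustration of the linkage analysis described above (this is not code from the book), the following Python sketch maps a constructed set of crawl observations to functional groups. The evidence rules (Set-Cookie means session management, an input form means a database interface, a .class file means a client-side applet) and the sample resources are assumptions for the sake of the example.

```python
import re
from collections import defaultdict

# Constructed sample crawl: (path, response headers, body snippet).
# These observations are made up for the example, not taken from the book.
OBSERVED = [
    ("/index.html", {"Content-Type": "text/html"}, "<html><body>Welcome</body></html>"),
    ("/login.cgi", {"Content-Type": "text/html", "Set-Cookie": "SESSIONID=abc123; Path=/"},
     "<html>Logged in</html>"),
    ("/search.asp", {"Content-Type": "text/html"},
     '<form method="POST" action="/search.asp"><input name="q"></form>'),
    ("/applets/chart.class", {"Content-Type": "application/octet-stream"}, ""),
    ("/old/test.pl", {"Content-Type": "text/html"}, "<html>test</html>"),
]


def classify(path, headers, body):
    """Map one Web resource to the functional groups the observed evidence supports."""
    groups = set()
    if "Set-Cookie" in headers:
        groups.add("session management")      # establishes a user session via cookies
    if re.search(r"<form[^>]*>", body, re.I) and re.search(r"<input[^>]*name=", body, re.I):
        # Assumption: a fill-out form feeds a query, so it is treated as a database interface
        groups.add("database interface")
    if path.endswith((".class", ".jar")):
        groups.add("client-side applet")
    is_html = headers.get("Content-Type", "").startswith("text/html")
    if not groups and is_html and path.endswith((".html", ".htm")):
        groups.add("static content")
    # A resource with no identifiable purpose is the one a reviewer must justify or remove
    return groups or {"unclassified"}


def linkage_analysis(observed):
    """Build the functionality -> resources picture from a list of observations."""
    picture = defaultdict(list)
    for path, headers, body in observed:
        for group in classify(path, headers, body):
            picture[group].append(path)
    return dict(picture)


if __name__ == "__main__":
    for group, paths in sorted(linkage_analysis(OBSERVED).items()):
        print(f"{group}: {', '.join(paths)}")
```

The "unclassified" bucket is the output worth reading first: every resource in it exists without a function the analysis can account for.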

Web Hacking: Attacks and Defense
ISBN: 0201761769
Year: 2005
Pages: 156