I

identity management, 148
    credential management attacks, 152
    user registration attacks, 149–151
identity theft, 153
IE Headers, 14
    See also browser extensions
IEWatch, 14, 15
    See also browser extensions
IIS
    authorization, 201–202
    detailed error messages, 105
    disabling web server extensions, 310–311
    hardening, 104–110
    HTR Chunked Encoding Heap Overflow, 309–310
    overload, 458–459
    Permissions Wizard, 108
    securing WebDAV configuration on, 307–308
    unused extension mappings, 105–107
IIS Lockdown, 107–108, 485–490, 505–506
    rolling back, 490–492
    unattended installation, 492
impact, 405
implementation vulnerabilities, 333–334
    countermeasures to attacks, 337–338
    Java, 334–335
    web image parser vulnerabilities, 335–337
include files
    disclosure attacks, 322–323
    protecting, 76
information leakage, file, path, and user disclosure, 312–320
infrastructure profiling, 28–40
initial sequence numbers. See ISNs
input validation, 210
    attack vectors, 212–213
    boundary checks, 224–225
    buffer overflow attacks, 213–215
    bypassing client-side validation routines, 213
    canonicalization (dot-dot-slash), 215–220
    command execution, 226–228
    common side-effects to attacks, 230
    countermeasures to attacks, 230–231
    encoding abuse, 228–229
    HTML injection, 220–224
    libraries, 430
    manipulating application behavior, 225–226
    PHP global variables, 229–230
    popular characters for testing, 477–478
    SQL injection and datastore attacks, 226
    tools and techniques, 477
    unexpected forms of attack, 210–212
    web services injection attacks, 281–283
Internet Explorer
    attacking the Local Machine Zone (LMZ), 339–341
    browser extensions, 13–14
    Browser Helper Object (BHO), 352
    Enhanced Security Configuration (ESC), 360
    extensions for HTTP/S analysis, 472
    Protected Mode IE (PMIE), 360
    security zones, 354–358
intrusion detection systems, 392
IP address, authorization, 201–202
ISNs, 179–182


Hacking Exposed Web Applications, 3rd Edition
ISBN: 0071740643
Year: 2010