S

scanners, 436–437
  Acunetix Enterprise Web Vulnerability Scanner (WVS) 3.0, 443–444
  Burp Suite 1.01, 451–453
  Cenzic Hailstorm 3.0, 444–445
  Compuware DevPartner SecurityChecker 2.0, 453–455
  Ecyware GreenBlue Inspector 1.5, 445–446
  nontechnical issues, 459–462
  N-Stalker N-Stealth 5.8, 450–451, 452
  SPI Dynamics WebInspect 5.8, 448–449
  Syhunt Sandcat Suite 1.6.2.1, 447–448
  test results, 455–459
  testbed, 437–438
  tests, 438–443
  Watchfire AppScan 6, 449–450, 451
scanning
  port scanning surrounding IP ranges, 34
  for vulnerable servers, 103
SDL, 427
search engines, 225–226
search tools, for profiling, 60–65
Secure Copy (scp), 297
Secure Shell (SSH), 295
SecureIIS, 40
security
  checklist, 466–470
  commercial web app security scanners, 474
  cultural buy-in, 428
  flaws, 193–194
  free web app security scanners, 473
  liaison, 428
  logs, 205–206
  patches, 102–103
  people, 427
  PHP best practices, 115–117
  process, 429
  sample web apps for security testing, 473
  session tokens, 202–205
  technologies, 429–431
  in web development process, 427–431
  web platform best practices, 102–117
  XML, 288
  zones, 354–358
Security Development Lifecycle (SDL), 427
SecurityChecker 2.0, 453–455
self-referenced packet loops, 369
semicolons, 227–228
servers, 4
  hardening, 388–389
  head anomalies, 31–32
  virtual, 33
session fixation, 184–185
session hijacking, 147
session IDs, 162–164
  attacks, 147
  collecting samples, 178–179
  nonlinear analysis, 179–182
session management, 7, 476
session tokens
  analyzing, 165–166
  security, 202–205
Smurf, 372
SOAP
  hacking tools, 271
  over HTTP(S), 269–271
  tools, 476
SoapClient.com, 271
social engineering, 346
source code, putting private data in, 103
space delimiters, 246–247
SPI Dynamics WebInspect 5.8, 448–449
Spike Web Proxy, 424–425
Spybot Search and Destroy, 352–353
SpySweeper, 352
spyware, 350–353
SQL, 236–237
  basic SQL injection syntax, 478
  common SQL statements, 237–238
  default master database tables, 481
  subqueries, 249–251
  syntax, 237, 238–242
  system table objects, 480
  UNION operator, 251–255
  useful MS SQL server variables, 479
SQL injection, 226
  alphanumeric tests, 245
  altering processes, 247–248
  alternate character encoding, 246–247
  common characters for identifying vulnerabilities, 240
  common database error messages, 241
  common parsing errors, 241
  decoupling query logic from query data, 262–265
  input validation, 262
  and Microsoft Access Database, 256
  and Microsoft SQL Server, 256–260
  and MySQL, 260
  numeric tests, 244
  and Oracle, 260–261
  querying alternate data, 249–255
  semantics and behavior, 242–246
  syntax and errors, 238–242
  testing, 458
  tests to produce intentional errors, 246
SSH, 295
SSH2, 297
SSL
  enumerating anomalies, 35
  and web services, 288
static pages, 43–45
status page information leakage, 320–321
stored procedures
  for enumerating SQL Server, 479
  MS SQL nonparameterized extended stored procedures, 480
  MS SQL parameterized extended stored procedures, 479–480
  and SQL injection, 264–265
  SQL Server, 256–258
SuExec, 113
superglobal variables, 229–230
Syhunt Sandcat Suite 1.6.2.1, 447–448
SYN floods, 370–371
  See also DoS attacks
SYNDefender, 384
system table objects, SQL Server, 259–260


Hacking Exposed Web Applications
HACKING EXPOSED WEB APPLICATIONS, 3rd Edition
ISBN: 0071740643
EAN: 2147483647
Year: 2006
Pages: 127
