List of Tables
Chapter 2: Profiling
Table 2-1: A Sample Matrix for Documenting Web Application Structure
Table 2-2: Common File Extensions and the Application or Technology That Typically Uses Them
Table 2-3: Common Query String Structure
Table 2-4: Attack Attempts and Implications
Table 2-5: Common Cookies Used by Off-the-shelf Web Software
Chapter 3: Hacking Web Platforms
Table 3-1: The Value of the SERVER_NAME Variable Depends on the Origin of the Request
Table 3-2: ISAPI Extension Mappings That Should Be Unmapped in a Secure IIS Configuration
Table 3-3: Apache Modules That Are Potential Security Risks and Should Be Considered for Removal
Chapter 4: Web Authentication Attacking
Table 4-1: Common Usernames and Passwords Used in Guessing Attacks (Not Case-sensitive)
Table 4-2: A Summary of the Web Authentication Mechanisms Discussed So Far
Chapter 5: Attacking Web Authorization
Table 5-1: Information Commonly Stored in a Web Application Authorization/Session Token
Table 5-2: Common COTS Session IDs
Table 5-3: Common Session Token Contents
Table 5-4: Numeric Boundaries
Table 5-5: An Example Role Matrix
Table 5-6: Examples of Hidden Form Field Values
Table 5-7: Cookie Information Gleaned from our Fictitious Web Shopping Application
Table 5-8: Differential Analysis Results Produced While Browsing a Web Application While Authenticated As a Standard and Administrative User
Table 5-9: Cookie Values for Both Standard and Admin User Types
Table 5-10: Input Validation Checking Results for the Last Segment of the "jonafid" Cookie
Table 5-11: Results of Manual Parameter Injection to the "menu" Query String Parameter
Chapter 6: Input Validation Attacks
Table 6-1: Common URL Encoding Techniques Used by Attackers
Table 6-2: Popular Characters to Test Input Validation
Chapter 7: Attacking Web Datastores
Table 7-1: Common SQL Instructions
Table 7-2: Common Characters for Identifying SQL Injection Vulnerabilities
Table 7-3: Common Database Error Messages
Table 7-4: Common Parsing Errors
Table 7-5: Numeric Tests
Table 7-6: Alphanumeric Tests
Table 7-7: Alternate Alphanumeric Tests
Table 7-8: Tests to Produce Intentional Errors
Table 7-9: Space Delimiters
Table 7-10: Unicode Space Delimiters
Table 7-11: Characters to Modify a Query
Table 7-12: Useful Stored Procedures to Enumerate System Information
Table 7-13: Extended Procedures That Do Not Require Parameters
Table 7-14: Parameterized Stored Procedures
Table 7-15: System Table Objects
Table 7-16: Master Database Tables
Table 7-17: Language Constructs for Creating Stored Procedures
Chapter 8: Attacking XML Web Services
Table 8-1: Common Private UDDI Locations
Chapter 9: Attacking Web Application Management
Table 9-1: Common Default Web Server Management Ports
Table 9-2: WebDAV Methods That Can Be Abused
Table 9-3: Common HTTP Response Codes
Table 9-4: Common Filenames Used in Guessing Attacks
Chapter 10: Hacking Web Clients
Table 10-1: Selected ActiveX Security Vulnerabilities
Table 10-2: Recommended Internet Zone Security Settings (Custom Level Settings Made After
Chapter 12: Full-Knowledge Analysis
Table 12-1: Tools for Assessing and Improving Code Security
Chapter 13: Web Application Security Scanners
Table 13-1: Web Application Security Scanners We Tested (please contact vendor for custom/volume pricing)
Appendix C: URLScan and ModSecurity
Table C-1: IIS6 Request Restriction Settings Under HKLM\System\CurrentControlSet\Services\HTTP\Parameters
HACKING EXPOSED WEB APPLICATIONS, 3rd Edition
ISBN: 0071740643
Year: 2006
Pages: 127
Authors: Joel Scambray, Vincent Liu, Caleb Sima