Summary

In this chapter, we saw that the typical web application authorization model is based heavily on server-side ACLs (usually on file system objects) and on authorization/session tokens (either off-the-shelf or custom-developed), both of which are vulnerable to several common attacks. Poorly implemented ACLs and tokens are easily defeated using common techniques to bypass, replay, spoof, fix, or otherwise manipulate authorization controls in order to masquerade as other users, including administrators. We also described several case studies that illustrated how such techniques can be combined to devastate web app authorization at multiple levels. Finally, we discussed the toolset available to web administrators and developers to counteract many of the basic techniques we described, as well as some broader "defense-in-depth" strategies that can help harden the overall security posture of a typical web application.
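As an added illustration of the token-side countermeasures summarized above (this is example code written for this summary, not from the book), the following minimal server-side session store applies three of them: session IDs are unpredictable, the ID is rotated at login so a pre-planted ID is useless (defeating fixation), IDs expire to bound the replay window, and the role used for authorization comes only from the server-side record, never from anything the client sends. The `SessionStore` class, its `now` clock parameter and the `SESSION_TTL` value are assumptions made for the example.

```python
import secrets
import time

# Constructed example values: a 15-minute lifetime bounds how long a captured
# session ID remains usable for replay.
SESSION_TTL = 900  # seconds


class SessionStore:
    """In-memory session store keyed by an opaque, random session ID.

    The client only ever holds the ID; user identity and role live in the
    server-side record, so the client cannot spoof its own privileges.
    """

    def __init__(self, now=time.time):
        self._now = now  # injectable clock so expiry can be tested deterministically
        self._sessions = {}  # session_id -> {"user": str|None, "role": str, "expires": float}

    def new_anonymous(self):
        """Issue a fresh, unpredictable ID for a not-yet-authenticated client."""
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[sid] = {"user": None, "role": "anon", "expires": self._now() + SESSION_TTL}
        return sid

    def login(self, old_sid, user, role):
        """Authenticate the client: discard the pre-auth ID and issue a new one.

        An attacker who planted old_sid in the victim's browser (session fixation)
        is left holding an ID that no longer maps to any session.
        """
        self._sessions.pop(old_sid, None)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {"user": user, "role": role, "expires": self._now() + SESSION_TTL}
        return new_sid

    def logout(self, sid):
        """Invalidate the session server-side; the client-held ID becomes dead."""
        self._sessions.pop(sid, None)

    def authorize(self, sid, required_role):
        """Server-side authorization decision based solely on the stored record."""
        rec = self._sessions.get(sid)
        if rec is None:
            return False  # unknown or forged ID
        if rec["expires"] <= self._now():
            self._sessions.pop(sid, None)  # expired IDs are purged, never revived
            return False
        return rec["user"] is not None and rec["role"] == required_role
```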



HACKING EXPOSED WEB APPLICATIONS, 3rd Edition
ISBN: 0071740643
Year: 2006
Pages: 127