Ch 11 - Web Hacking

Link to PDF of powerpoint presentation http://dl.dropbox.com/u/68566/WebHacking.pdf

Early Days

Current Vulnerabilities

Sample Files

Source Code Disclosure

Canonicalization Attacks

Server Extensions

Buffer Overflows

Web Server Vulnerability Scanners

Web Application Hacking

Finding vulnerable apps with Google

Web Crawling

Web Application Assessment

Browser Plug-ins

Tool Suites

Common Web Application Vulnerabilities

Cross-Site Scripting (XSS)

SQL Injection

Cross-Site Request Forgery

Misuse of Hidden Tags

Quiz

1. List 2 of the 5 common web server vulnerabilities.

Sample files, source code disclosure, canonicalization, server extensions, input validation (e.g. buffer overflows)

2. Name one of the two browser plug-ins/toolsets used to perform a man-in-the-middle attack (intercepting and modifying requests between the browser and the server).

TamperData or Fiddler

3. What is a common tool used to gather entire websites?

wget
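Building on the wget answer above, the following is an added example (not from the slides or the book) of how a tester mirrors a site for offline review and then pulls the links and hidden form fields out of the saved pages, which feeds the Web Application Assessment and Misuse of Hidden Tags topics listed earlier. The target URL, output directory and sample page are constructed for illustration; the mirroring function is not executed here because it needs network access.

```shell
#!/bin/sh
# Added example: crawl with wget, then inspect the copy offline.

# Mirror one site for offline assessment (assumed URL/directory; needs network).
#   -r      recursive download
#   -l 3    follow links up to three levels deep
#   -np     never ascend above the starting directory
#   -k      rewrite links so the saved copy browses offline
#   -w 1    wait one second between requests
#   -e robots=off  ignore robots.txt; only do this on sites you are authorised to test
mirror_site() {
    url="$1"; out="$2"
    wget -r -l 3 -np -k -w 1 -e robots=off -P "$out" "$url"
}

# List the unique href/src/action targets found in one saved HTML file.
list_links() {
    grep -oE '(href|src|action)="[^"]*"' "$1" \
      | sed -E 's/^[a-z]+="//; s/"$//' \
      | sort -u
}

# List hidden form fields as name=value pairs: these are the values a tester
# would replay with modified contents (e.g. a price or item id) through an
# intercepting tool such as the ones named in the quiz.
list_hidden_fields() {
    grep -oE '<input[^>]*type="hidden"[^>]*>' "$1" \
      | sed -E 's/.*name="([^"]*)".*value="([^"]*)".*/\1=\2/'
}

# Constructed sample page standing in for a file wget would have saved.
sample="$(mktemp)"
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
<html><body>
<a href="/login.php">Login</a>
<a href="/admin/">Admin</a>
<img src="/images/logo.gif">
<form action="/cart/checkout.php" method="POST">
<input type="hidden" name="item_id" value="1042">
<input type="hidden" name="price" value="499.00">
<input type="submit" value="Buy">
</form>
</body></html>
EOF

echo "Links found:"
list_links "$sample"
echo "Hidden fields found:"
list_hidden_fields "$sample"
# To mirror a real target you are authorised to test:
#   mirror_site "http://target.example/" "./mirror"
```

The hidden-field listing is the hand-off to the tampering step: a client-side value like price=499.00 is only trustworthy if the server recomputes it, so each such field is a candidate for modification through TamperData or Fiddler.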

4. What is the easiest method to find vulnerable web applications?

Using search engines (e.g. Google queries for pages that identify known vulnerable applications)

HackingExposedChapter11 (last edited 2010-04-20 03:48:38 by c-71-226-185-105)