Web application security - the fast guide 1.1 | Page 7

4.15 More mapping tools ... 81
    4.15.1 OWASP Zed Attack Proxy Project: ... 81
    4.15.2 Arachni: ... 82
    4.15.3 Skipfish: ... 83
    4.15.4 w3af ... 83
4.16 Attack analyzing – feasibility & priority ... 84
4.17 QUIZ: ... 85

Chapter 5 Attack Execution the client ... 87
5.1 Attack the client ... 88
5.2 Two types of attacks ... 88
5.3 Altering cookies ... 89
5.4 Flash Cookies (LSO) ... 90
5.5 intercepting messages from Flash, Java applet and Silverlight ... 91
5.6 Decompile Flash, Java applet and Silverlight ... 92
5.7 Clickjacking ... 93
5.8 client SQLlight ... 94
5.9 ActiveX attack ... 95
5.10 Attack Execute- Pass JavaScript through Flash ... 97
5.11 Max Length ... 97
5.12 Attack ViewState ... 99
5.13 Time of Creation to Time of Use ... 100
5.14 JSON Hijacking ... 101
5.15 Attack Execute- Phishing ... 103
5.16 Altering hidden fields ... 105
5.17 Hashed hidden fields ... 106
5.18 forge Referer Header ... 107
5.19 Attack Execute- Direct Change to URL parameters ... 108
5.20 Only Client side validation ... 109
5.21 QUIZ: ... 111

Chapter 6 Attack execution (2) ... 113
6.1 Web application Authentication methods ... 114
6.2 Attack bad passwords ... 115
6.3 Brute force attack ... 116
6.4 Password management exploit ... 117