HACKING EXPOSED WEB APPLICATIONS, 3rd Edition

caching devices, 386

CACLS, 108-109

canonicalization (dot-dot-slash), 215-220

countermeasure, 220

CAPTCHAs, 129

denial-of-revenue attacks, 382-383

phpBB DoS vulnerabilities, 378

and threat mitigation strategies, 406-407

user registration attacks, 149-151

capture/replay, 184

case studies, authorization attacks, 185-199

Cenzic Hailstorm 3.0, 444-445

challenge-response authentication model, 132

chrooting Apache, 112-113

client-side analysis, tools and techniques, 482

client-side piggybacking, 152

code analysis, tools, 474

Code Red worm, 104

code review, 407

authorization mistakes in code, 412-413

automated, 414, 415

binary analysis, 414-423

debug mistakes in code, 413-414

manual, 408-414

poor input handling, 409-411

poor SQL statement composition, 411-412

secrets in code, 412

combos, 369

command execution, 226-228

command-line tools, 473

Curl, 23

netcat, 23

comments, 52-53

common off-the-shelf software. See COTS

Common Vulnerability Scoring System (CVSS), 405

Compuware DevPartner SecurityChecker 2.0, 453-455

CONNECT command, 37

cookies, 174

bypassing expire times, 177-178

common, 60

hacking, 147-148

load balancers, 35

manual tampering attacks against, 175-178

and predefined headers, 223

CookieSpy, 176-177

COTS, 80

COTS session IDs, 162

crawling

automated, 65-66

tools, 66-70, 473

crawling ACLs, 161-162

credential management attacks, 152

cross-site scripting, 221-222

crypto, 166

cultural buy-in, 428

Curl, 23

mapping permissions, 196-199

See also command-line tools

CVSS, 405