HACKING EXPOSED WEB APPLICATIONS, 3rd Edition

Data Execution Prevention feature, 430–431

data flow diagrams, 400–401, 402

database configuration, 265

database encryption, 265

datastore attacks, 226, 261–265

    See also SQL injection

DDoS attacks, 372–373

debugging, 417–420

denial of service. See DoS attacks

denial-of-revenue attacks, 380–383

DEP, 430–431

design liabilities, cross-domain access, 338–339

developer-driven mistakes, 321–327

DFDs, 400–401, 402

dictionary attacks, 126–127, 182–183

differential analysis, 161, 166, 194–196

Digest authentication, 132–134

digital certificates, 139

    See also authentication

directories

    protecting, 75–76

    structure, 46, 76

directory guessing, 312–314

Directory of Web Services. See DISCO

directory services

    DISCO, 277–279

    UDDI, 275–277

directory traversal, 169

    advanced, 216–218

    navigating without directory listings, 218–220

DISCO, 277–279

disclosure attacks, 279–281

Distributed DoS (DDoS) attacks, 372–373

DOR attacks. See denial-of-revenue attacks

DoS attacks, 368

    Apache Tomcat 5.5 directory listing DoS, 378

    and application design, 389–390

    application layer, 373–375

    caching devices, 386

    capacity depletion, 370

    capacity planning, 386–387

    denial-of-revenue attacks, 380–383

    detecting, 391–392

    Distributed DoS (DDoS), 372–373

    firewalls, 384–385

    Fraggle, 372

    general countermeasures, 383

    Google July 2004 DoS, 375–376

    hardening servers, 388–389

    hardening the network edge, 388

    load balancers, 385–386

    old vulnerabilities, 369–370

    OpenSSL ASN.1 parsing errors DoS, 379–380

    phpBB DoS vulnerabilities, 377–378

    responding to, 392–393

    Smurf, 372

    SYN floods, 370–371

    testing, 390–391

    tools and techniques, 482

    UDP floods, 371–372

    working with your ISP, 387–388

DREAD system, 405

dynamically generated pages, 43–45
