HACKING EXPOSED WEB APPLICATIONS, 3rd Edition
Chapter 2: Profiling
- Table 2-1: A Sample Matrix for Documenting Web Application Structure
- Table 2-2: Common File Extensions and the Application or Technology That Typically Uses Them
- Table 2-3: Common Query String Structure
- Table 2-4: Attack Attempts and Implications
- Table 2-5: Common Cookies Used by Off-the-shelf Web Software
Chapter 3: Hacking Web Platforms
- Table 3-1: The Value of the SERVER_NAME Variable Depends on the Origin of the Request
- Table 3-2: ISAPI Extension Mappings That Should Be Unmapped in a Secure IIS Configuration
- Table 3-3: Apache Modules That Are Potential Security Risks and Should Be Considered for Removal
Chapter 4: Attacking Web Authentication
- Table 4-1: Common Usernames and Passwords Used in Guessing Attacks (Not Case-sensitive)
- Table 4-2: A Summary of the Web Authentication Mechanisms Discussed So Far
Chapter 5: Attacking Web Authorization
- Table 5-1: Information Commonly Stored in a Web Application Authorization/Session Token
- Table 5-2: Common COTS Session IDs
- Table 5-3: Common Session Token Contents
- Table 5-4: Numeric Boundaries
- Table 5-5: An Example Role Matrix
- Table 5-6: Examples of Hidden Form Field Values
- Table 5-7: Cookie Information Gleaned from our Fictitious Web Shopping Application
- Table 5-8: Differential Analysis Results Produced While Browsing a Web Application While Authenticated As a Standard and Administrative User
- Table 5-9: Cookie Values for Both Standard and Admin User Types
- Table 5-10: Input Validation Checking Results for the Last Segment of the "jonafid" Cookie
- Table 5-11: Results of Manual Parameter Injection to the "menu" Query String Parameter
Chapter 6: Input Validation Attacks
- Table 6-1: Common URL Encoding Techniques Used by Attackers
- Table 6-2: Popular Characters to Test Input Validation
Chapter 7: Attacking Web Datastores
- Table 7-1: Common SQL Instructions
- Table 7-2: Common Characters for Identifying SQL Injection Vulnerabilities
- Table 7-3: Common Database Error Messages
- Table 7-4: Common Parsing Errors
- Table 7-5: Numeric Tests
- Table 7-6: Alphanumeric Tests
- Table 7-7: Alternate Alphanumeric Tests
- Table 7-8: Tests to Produce Intentional Errors
- Table 7-9: Space Delimiters
- Table 7-10: Unicode Space Delimiters
- Table 7-11: Characters to Modify a Query
- Table 7-12: Useful Stored Procedures to Enumerate System Information
- Table 7-13: Extended Procedures That Do Not Require Parameters
- Table 7-14: Parameterized Stored Procedures
- Table 7-15: System Table Objects
- Table 7-16: Master Database Tables
- Table 7-17: Language Constructs for Creating Stored Procedures
Chapter 8: Attacking XML Web Services
- Table 8-1: Common Private UDDI Locations
Chapter 9: Attacking Web Application Management
- Table 9-1: Common Default Web Server Management Ports
- Table 9-2: WebDAV Methods That Can Be Abused
- Table 9-3: Common HTTP Response Codes
- Table 9-4: Common Filenames Used in Guessing Attacks
Chapter 10: Hacking Web Clients
- Table 10-1: Selected ActiveX Security Vulnerabilities
- Table 10-2: Recommended Internet Zone Security Settings (Custom Level Settings Made After
Chapter 12: Full-Knowledge Analysis
- Table 12-1: Tools for Assessing and Improving Code Security
Chapter 13: Web Application Security Scanners
- Table 13-1: Web Application Security Scanners We Tested (please contact vendor for custom/volume pricing)
Appendix C: URLScan and ModSecurity
- Table C-1: IIS6 Request Restriction Settings Under HKLM\System\CurrentControlSet\Services\HTTP\Parameters