User-Directed Spidering

This is a more sophisticated and controlled technique, which is usually preferable to automated spidering. Here, the user walks through the application in the normal way using a standard browser, attempting to navigate through all of the application's functionality. As the user does so, the resulting traffic is passed through a tool combining an intercepting proxy …

Enumerating Content and Functionality

In a typical application, the majority of the content and functionality can be identified via manual browsing. The basic approach is to walk through the application starting from the main initial page, following every link and navigating through all multistage functions (such as user registration or password resetting). If the application contains a "site map," …
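The link-following described above can be partly mechanised: every page the tester fetches or captures through the proxy can be mined for the next set of URLs to visit. The script below is an added example (not code from the book or from any particular proxy tool) that pulls anchors, form targets, script and stylesheet sources and URLs left in HTML comments out of a page body, resolves them against the page URL and separates in-scope from third-party hosts. The HTML and the host app.example.com are constructed for the example.

```python
"""Enumerate candidate content from one HTML page body.

Added example. Pulls URLs from common attributes and from HTML comments
(developers frequently leave references to old or admin paths there),
resolves them against the page URL, and splits them by host so the
tester can see what is in scope.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page standing in for a fetched response body.
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<link rel="stylesheet" href="/static/site.css">
</head><body>
<a href="/account/profile">Profile</a>
<a href="login.jsp?redir=/home">Login</a>
<a href="https://cdn.example.net/lib.js">external</a>
<form action="/account/reset-password" method="post"><input name="email"></form>
<img src="/images/logo.png">
<!-- TODO remove before launch: /admin/old-backup.zip -->
</body></html>
"""

# Tag -> attribute that carries a URL.
URL_ATTRS = {"a": "href", "link": "href", "script": "src", "img": "src",
             "form": "action", "iframe": "src"}
# Absolute URLs or root-relative paths mentioned inside comments.
COMMENT_URL_RE = re.compile(r"(?:https?://[^\s\"'<>]+|/[\w./?=&%-]+)")


class ContentExtractor(HTMLParser):
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.found = set()

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        if not attr:
            return
        for name, value in attrs:
            if name == attr and value:
                # Relative references are resolved against the page URL.
                self.found.add(urljoin(self.base_url, value))

    def handle_comment(self, data):
        for ref in COMMENT_URL_RE.findall(data):
            self.found.add(urljoin(self.base_url, ref))


def enumerate_content(html, base_url):
    """Return (in_scope, out_of_scope) lists of absolute URLs."""
    parser = ContentExtractor(base_url)
    parser.feed(html)
    parser.close()
    host = urlsplit(base_url).netloc
    in_scope = sorted(u for u in parser.found if urlsplit(u).netloc == host)
    out_of_scope = sorted(u for u in parser.found if urlsplit(u).netloc != host)
    return in_scope, out_of_scope


def enumerate_paths(html, base_url):
    """Distinct in-scope paths, the list a tester would feed back into the walk."""
    in_scope, _ = enumerate_content(html, base_url)
    return sorted({urlsplit(u).path for u in in_scope})


if __name__ == "__main__":
    page = "https://app.example.com/home/index.jsp"
    in_scope, out_of_scope = enumerate_content(SAMPLE_HTML, page)
    print("in scope:", *in_scope, sep="\n  ")
    print("out of scope:", *out_of_scope, sep="\n  ")
```

Run against each captured page, the in-scope list becomes the queue of what to browse next; the commented-out /admin/old-backup.zip is exactly the kind of reference automated spidering of visible links would miss.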

Mapping the Application

The first step in the process of attacking an application is to gather and examine some key information about it, in order to gain a better understanding of what you are up against. The mapping exercise begins by enumerating the application's content and functionality, in order to understand what the application actually does and how …

Encoding Schemes

Web applications employ several different encoding schemes for their data. Both the HTTP protocol and the HTML language are historically text-based, and different encoding schemes have been devised to ensure that unusual characters and binary data can be safely handled by these mechanisms. When you are attacking a web application, you will frequently need to …
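To make the point concrete, the following added example (not code from the book) produces the same payload in the encodings web applications commonly use (URL, double URL, HTML numeric entities, Base64) and then peels the layers off again to a canonical form. It also shows why a filter that inspects the wire form is weak: a naive substring check misses the double-URL-encoded payload that a downstream component would decode back into the literal string. The naive filter and payload are constructed for the example.

```python
"""Encode a payload the ways web apps do, and canonicalize it back.

Added example. Uses only the standard library. Base64 is produced but not
auto-decoded in canonicalize(), because any alphanumeric string is valid
Base64 and blind decoding would corrupt ordinary input.
"""
import base64
import html
from urllib.parse import quote, unquote


def url_encode(s):
    """Percent-encode every reserved and non-alphanumeric character."""
    return quote(s, safe="")


def double_url_encode(s):
    """Encode the '%' of the first pass again ('%3C' becomes '%253C')."""
    return quote(quote(s, safe=""), safe="")


def html_entity_encode(s):
    """Represent every character as a hexadecimal numeric entity."""
    return "".join(f"&#x{ord(c):x};" for c in s)


def base64_encode(s):
    return base64.b64encode(s.encode()).decode()


def encoded_variants(payload):
    """The same payload in several encodings a tester might try in turn."""
    return {
        "raw": payload,
        "url": url_encode(payload),
        "double_url": double_url_encode(payload),
        "html": html_entity_encode(payload),
        "base64": base64_encode(payload),
    }


def canonicalize(value, max_rounds=5):
    """Repeatedly URL-decode then HTML-decode until the value stops changing.

    A defender must validate this form, not the raw request value, or
    layered encodings slip past the check.
    """
    for _ in range(max_rounds):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            return value
        value = decoded
    return value


def naive_filter_blocks(value):
    """Constructed weak filter: looks for the literal tag in the wire form."""
    return "<script" in value.lower()


if __name__ == "__main__":
    for name, variant in encoded_variants("<script>").items():
        print(f"{name:10} {variant!r:34} blocked={naive_filter_blocks(variant)} "
              f"canonical={canonicalize(variant)!r}")
```

Each variant canonicalizes back to the literal tag, but only the raw form trips the filter, which is the practical reason encoded submissions are part of every test of input handling.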

State and Sessions

The technologies described so far enable the server and client components of a web application to exchange and process data in numerous ways. To implement most kinds of useful functionality, however, applications need to track the state of each user's interaction with the application across multiple requests. For example, a shopping application may allow users …

Client-Side Functionality

In order for the server-side application to receive user input and actions, and present the results of these back to the user, it needs to provide a client-side user interface. Because all web applications are accessed via a web browser, these interfaces all share a common core of technologies. However, these have been built upon …

Web Functionality

In addition to the core communications protocol used to send messages between client and server, web applications employ numerous different technologies to deliver their functionality. Any reasonably functional application may employ dozens of distinct technologies within its server and client components. Before you can mount a serious attack against a web application, you need a …

HTTPS

The HTTP protocol uses plain TCP as its transport mechanism, which provides no encryption, so the traffic can be read and modified by an attacker who is suitably positioned on the network. HTTPS is essentially the same application-layer protocol as HTTP, but tunneled over a secure transport, Transport Layer Security (TLS), the successor to the older Secure Sockets Layer (SSL). This protects the privacy and integrity …
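The protection HTTPS gives depends entirely on the client verifying the server's certificate; a client that skips verification still gets an encrypted channel, but to whoever is on the path. The added example below (not from the book) puts the two client configurations side by side using Python's standard ssl module: the hardened context requires a valid certificate chain and hostname match and refuses anything below TLS 1.2, while the "broken" context is the common copy-pasted workaround for certificate errors. The https_get helper is illustrative and needs network access; the context checks run offline.

```python
"""HTTPS client contexts: one that verifies, one that silently does not.

Added example using only the standard library. https_get() opens a real
connection and is for interactive use; context_is_safe() is the check.
"""
import socket
import ssl


def hardened_context():
    """System CA store, certificate required, hostname checked, TLS >= 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def broken_context():
    """Frequent 'fix' for certificate errors in scripts.

    Any on-path attacker can now present their own certificate and read or
    rewrite the traffic, so the privacy and integrity of HTTPS are lost.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_is_safe(ctx):
    """True only when the context would reject a forged or mismatched cert."""
    return bool(ctx.verify_mode == ssl.CERT_REQUIRED
                and ctx.check_hostname
                and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


def https_get(host, path="/", ctx=None, timeout=5):
    """Minimal GET over TLS; raises ssl.SSLCertVerificationError on a bad cert
    when used with hardened_context()."""
    ctx = ctx or hardened_context()
    request = (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
               f"Connection: close\r\n\r\n").encode()
    with socket.create_connection((host, 443), timeout=timeout) as sock:
        # server_hostname drives both SNI and the hostname check.
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            tls.sendall(request)
            chunks = []
            while True:
                data = tls.recv(4096)
                if not data:
                    break
                chunks.append(data)
    return b"".join(chunks).decode(errors="replace")


if __name__ == "__main__":
    print("hardened safe:", context_is_safe(hardened_context()))
    print("broken safe:  ", context_is_safe(broken_context()))
```

When reviewing a client, test tool or intercepting-proxy setup, the question to ask is the one context_is_safe asks: is the certificate actually being verified, and against which trust store.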

Status Codes

Each HTTP response message must contain a status code in its first line, indicating the result of the request. The status codes fall into five groups, according to the first digit of the code:
■ 1xx — Informational.
■ 2xx — The request was successful.
■ 3xx — The client is redirected to a different …

Cookies

Cookies are a key extension to the HTTP protocol which most web applications rely upon, and which can frequently be used as a vehicle for exploiting vulnerabilities. The cookie mechanism enables the server to send items of data to the client, which the client stores and resubmits to the server on subsequent requests. Unlike the other types …
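Both the status-code passage and the cookie passage describe things a tester reads straight off a captured response, so one added example (not code from the book) covers both: it parses a raw HTTP/1.1 response, classifies the status code by its first digit, and splits every Set-Cookie header into name, value and attributes so that cookies missing Secure, HttpOnly or SameSite stand out. The response text, cookie names and values are constructed for the example.

```python
"""Parse a raw HTTP response: status line, status class, Set-Cookie audit.

Added example using only the standard library. Set-Cookie is kept as a
list rather than a dict because the header legitimately repeats.
"""

STATUS_CLASSES = {1: "informational", 2: "success", 3: "redirection",
                  4: "client error", 5: "server error"}

# Constructed sample response standing in for proxy-captured traffic.
SAMPLE_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: /account/home\r\n"
    "Set-Cookie: JSESSIONID=7F3A9C2E; Path=/; HttpOnly\r\n"
    "Set-Cookie: prefs=lang%3Den; Path=/; Max-Age=31536000\r\n"
    "Set-Cookie: auth=eyJ1aWQiOjQyfQ; Path=/; Secure; HttpOnly; SameSite=Strict\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)


def parse_status_line(line):
    """'HTTP/1.1 302 Found' -> version, numeric code, reason, and its class."""
    version, code, *reason = line.split(" ", 2)
    code = int(code)
    return {"version": version, "code": code,
            "reason": reason[0] if reason else "",
            "class": STATUS_CLASSES.get(code // 100, "unknown")}


def parse_response(raw):
    """Split a raw response into (status dict, [(name, value)...], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = parse_status_line(lines[0])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers, body


def parse_set_cookie(value):
    """'name=val; Path=/; Secure' -> name, val and a lowercase attribute map."""
    parts = [p.strip() for p in value.split(";")]
    name, _, val = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, attr_val = part.partition("=")
        attrs[key.lower()] = attr_val if attr_val else True
    return {"name": name, "value": val, "attrs": attrs}


def audit_cookies(raw):
    """Return the status dict and, per cookie, the protective attributes it lacks."""
    status, headers, _ = parse_response(raw)
    findings = {}
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie = parse_set_cookie(value)
        missing = [a for a in ("secure", "httponly", "samesite")
                   if a not in cookie["attrs"]]
        findings[cookie["name"]] = missing
    return status, findings


if __name__ == "__main__":
    status, findings = audit_cookies(SAMPLE_RESPONSE)
    print(f"{status['code']} {status['reason']} ({status['class']})")
    for cookie, missing in findings.items():
        print(f"  {cookie}: missing {missing or 'nothing'}")
```

Here JSESSIONID, the session token, is set without Secure, so an HTTP request to the same host would send it in the clear; prefs lacks every attribute, which matters less for a display preference but is worth noting; auth carries all three. Whether a missing attribute is a finding depends on what the cookie is for, which is exactly why mapping the application's functionality comes first.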