Attacking Other Users
The majority of interesting attacks against web applications involve targeting the server-side application itself. Many of these attacks do of course
Read moreWeb Hosting
Avoiding Logic Flaws
Just as there is no unique signature by which logic flaws in web applications can be identified, there is also
Read moreReal-World Logic Flaws
The best way to learn about logic flaws is not by theorizing, but through acquaintance with some actual examples. Although
Read moreAttacking Application Logic
All web applications employ logic in order to deliver their functionality. Writing code in a programming language involves at its
Read morePreventing Path Traversal Vulnerabilities
By far the most effective means of eliminating path traversal vulnerabilities is to avoid passing user-submitted data to any file
Read moreFinding and Exploiting Path Traversal Vulnerabilities
Path traversal vulnerabilities are often subtle and hard to detect, and it may be necessary to prioritize your efforts on
Read moreExploiting Path Traversal
Many kinds of functionality oblige a web application to read from or write to a file system on the basis
Read moreInjecting into LDAP
The Lightweight Directory Access Protocol (LDAP) is used for accessing directory services over a network. A directory is a hierarchically
Read moreInjecting into SMTP
Many applications contain a facility for users to submit messages via the application; for example, to report a problem to
Read moreInjecting into XPath
The XML Path Language (or XPath) is an interpreted language used for navigating around XML documents, and for retrieving data
Read more