Vulnerable Transmission of Credentials
If an application uses an unencrypted HTTP connection to transmit login credentials, an eavesdropper who is suitably positioned on the
Transmitting Data via the Client
Many applications leave themselves exposed because they transmit critical data such as product prices and
ActiveX controls are a much more heavyweight technology than Java applets. They are effectively native Win32 executables that, once accepted
Besides HTML forms, the other main method for capturing, validating, and submitting user data is to use a thick-client component.
The other principal way in which applications use client-side controls to restrict data submitted by clients occurs with data that
Transmitting Data via the Client
It is very common to see an application passing data to the client in a
It is often possible to infer a great deal about server-side functionality and structure, or at least make an educated
It is normally possible to fingerprint the technologies employed on the server via various clues and indicators. Banner Grabbing Many
Enumerating as much of the application’s content as possible is only one element of the mapping process. Equally important is