Web Hosting - Eduguru - Page 8

Tutorial Web Hosting Website

Application Pages vs. Functional Paths

April 17, 2020 Krishna Application Pages vs. Functional Paths, Discovering Hidden Parameters, html, Mapping, Mapping the Application, URL, URL-based map, World Wide Web

The enumeration techniques described so far have been implicitly driven by one particular picture of how web application content may

Tutorial Web Hosting Website

Discovering Hidden Content

April 17, 2020 Krishna Brute-Force Techniques, Burp Intruder, DIRECTORIES, Discovering Hidden Content, GOOGLE, Inference from Published Content, Leveraging the Web Server, mapping techniques, Mapping the Application, MSN, Search engines, Web archives, Yahoo

It is very common for applications to contain content and functionality which is not directly linked or reachable from the

Tutorial Web Hosting Website

User-Directed Spidering

April 17, 2020April 17, 2020 Krishna Burp Suite, html, http, HTTP and HTML analysis, Mapping the Application, proxy/spider tool, URL, User-Directed Spidering, WebScarab

This is a more sophisticated and controlled technique, which is usually preferable to automated spidering. Here, the user walks through

Tutorial Web Hosting Website

Enumerating Content and Functionality

April 17, 2020 Krishna application uses, Burp Spider, Enumerating Content and Functionality, Mapping, Mapping the Application, Paros, spiders, URL, Web Spidering, WebScarab

In a typical application, the majority of the content and functionality can be identified via manual browsing. The basic approach

Tutorial Web Hosting Website

Mapping the Application

April 17, 2020 Krishna application, application mapping, attacking an application, Mapping the Application, VULNERABILITIES

The first step in the process of attacking an application is to gather and examine some key information about it,

Tutorial Web Hosting Website

Encoding Schemes

April 17, 2020 Krishna ASCII characters, ASCII code, Base64 Encoding, Encoding Schemes, Hex Encoding, HTML Encoding, Unicode Encoding, URL Encoding, Web Application Technologies

Web applications employ several different encoding schemes for their data. Both the HTTP protocol and the HTML language are historically

Tutorial Web Hosting Website

State and Sessions

April 15, 2020April 15, 2020 Krishna application, ASP.NET, functionality, HTTP cookies, HTTP protocol, server-side application, server-side structure, session, State and Sessions, TECHNOLOGIES, Web Application Technologies

The technologies described so far enable the server and client components of a web application to exchange and process data

Tutorial Web Hosting Website

Client-Side Functionality

April 15, 2020 Krishna ActiveX controls, Client-Side Functionality, Forms, html, HTTP Requests, Hyperlinks, hypertext markup lan- guage (HTML), Java applets, JavaScript, Thick Client Components, URL, Web Application Technologies

In order for the server-side application to receive user input and actions, and present the results of these back to

Tutorial Web Hosting Website

Web Functionality

April 15, 2020 Krishna Administrative front ends, Apache, ASP.NET, Authentication, Bulletin boards, Database object relational mapping, Enterprise Java Bean, HTTP cookies, Java Servlet, Linux, Logging, Microsoft’s web application, MySQL, Photo galleries, PHP, Plain Old Java Object, Presentation layer, Server-Side Functionality, Shopping carts, The Java Platform, URL query string, Web application platforms, Web Application Technologies, web container, Web Functionality, Web mail, Wikis

In addition to the core communications protocol used to send messages between client and server, web applications employ numerous different

Tutorial Web Hosting Website

HTTPS

April 15, 2020 Krishna authentication mechanism, basic, Digest, HTTP Authentication, HTTP protocol, HTTP Proxies, HTTP proxy server, HTTP/S, NTLM, proxy server, Secure Sock- ets Layer (SSL), transport layer security, transport mechanism, Web Application Technologies

The HTTP protocol uses plain TCP as its transport mechanism, which is unencrypted and so can be intercepted by an