Technical Challenges Faced by Vulnerability Scanners

The barriers to automation described previously lead to a number of specific technical challenges that must be addressed in the creation of an effective vulnerability scanner. These challenges impinge not only upon the scanner’s ability to detect specific types of vulnerability, as already described, but also upon its ability to perform the core tasks of …

Vulnerability Scanners

A number of different tools exist for performing automated vulnerability scans of web applications. These scanners have the benefit of being able to test a large amount of functionality in a relatively short time, and in a typical application are often able to identify a variety of important vulnerabilities. Web application vulnerability scanners automate several …

Manual Request Tools

The manual request component of the integrated test suites provides the basic facility to issue a single request and view its response. Though simple, this function is often extremely beneficial when you are probing a tentative vulnerability and need to reissue the same request manually several times, tweaking elements of the request to determine the …

Integrated Testing Suites

After the essential web browser, the most useful item in your toolkit when attacking a web application is an intercepting proxy. In the early days of web applications, the intercepting proxy was a standalone tool that provided the barest of possible functionality — notably the venerable Achilles proxy, which simply displayed each request and response …

A Web Application Hacker’s Toolkit

Some attacks on web applications can be performed using only a standard web browser; however, the majority of them require you to use some additional tools. Many of these tools operate in conjunction with the browser, either as extensions that modify the browser’s own functionality, or as external tools that run alongside the browser and …

Local Privacy Attacks

Many users access web applications from a shared environment in which an attacker may have direct access to the same computer as the user. This gives rise to a range of attacks to which insecure applications may leave their users vulnerable. There are several areas in which this kind of attack may arise. Persistent Cookies …

Attacking ActiveX Controls

ActiveX controls are of particular interest to an attacker who is targeting other users. When an application installs a control in order to invoke it from its own pages, the control must be registered as “safe for scripting.” Once this has occurred, any other web site accessed by the user can make use of that …

Session Fixation

Session fixation vulnerabilities typically arise when an application creates an anonymous session for each user when they first access the application. If the application contains a login function, this anonymous session will be created prior to login and then upgraded to an authenticated one after they have logged in. The same token that initially confers …

JSON Hijacking

JSON hijacking is a special version of an XSRF attack, which in certain circumstances can violate the objectives of the browser’s same origin policy. It enables a malicious web site to retrieve and process data from a different domain, thereby circumventing the “one-way” restriction that normally applies to XSRF. The possibility of JSON hijacking arises …

Frame Injection

Frame injection is a relatively simple vulnerability that arises from the fact that in many browsers, if a web site creates a named frame, then any window opened by the same browser process is permitted to write the contents of that frame, even if its own content was issued by a different web site. Exploiting …