Password Change Functionality
Surprisingly, many web applications do not provide any way for users to change their password. However, this functionality is necessary
Read moreWebsite
Vulnerable Transmission of Credentials
If an application uses an unencrypted HTTP connection to transmit login credentials, an eavesdropper who is suitably positioned on the
Read moreAttacking Authentication
On the face of it, authentication is conceptually among the simplest of all the security mechanisms employed within web applications.
Read moreHandling Client-Side Data Securely
Transmitting Data via the Client Many applications leave themselves exposed because they transmit critical data such as product prices and
Read moreActiveX Controls
ActiveX controls are a much more heavyweight technology than Java applets. They are effectively native Win32 executables that, once accepted
Read moreCapturing User Data: Thick-Client Components
Besides HTML forms, the other main method for capturing, validating, and submitting user data is to use a thick-client component.
Read moreCapturing User Data: HTML Forms
The other principal way in which applications use client-side controls to restrict data submitted by clients occurs with data that
Read moreBypassing Client-Side Controls
Transmitting Data via the Client It is very common to see an application passing data to the client in a
Read moreIdentifying Server-Side Functionality
It is often possible to infer a great deal about server-side functionality and structure, or at least make an educated
Read moreIdentifying Server-Side Technologies
It is normally possible to fingerprint the technologies employed on the server via various clues and indicators. Banner Grabbing Many
Read more