File Inclusion Vulnerabilities
Many scripting languages support the use of include files. This facility enables developers to place reusable code components into individual
Read moreHACKING
Injecting into Web Scripting Languages
The core logic of most web applications is written in interpreted scripting languages like PHP, VBScript, and Perl. In addition
Read moreExploiting ODBC Error Messages (MS-SQL Only)
If you are attacking an MS-SQL database, then there are alternative ways available of discovering the names of database tables
Read moreExtracting Useful Data
In order to extract useful data from the database, you normally need to know the names of the tables and
Read moreFingerprinting the Database
Most of the techniques described so far are effective against all of the common database platforms, and any divergences have
Read moreInjecting Code
The topic of code injection is a huge one, encompassing dozens of different languages and environments, and a wide variety
Read moreA Multi-Layered Privilege Model
Issues relating to access apply not only to the web application itself but also to the other infrastructure tiers which
Read moreSecuring Access Controls
Access controls are one of the easiest areas of web application security to understand, although a well-informed, thorough methodology must
Read moreLog, Monitor, and Alert
The application’s session management functionality should be closely integrated with its mechanisms for logging, monitoring, and alerting, in order to
Read moreSecuring Session Management
The defensive measures that web applications must take to prevent attacks on their session management mechanisms correspond to the two
Read more