Manual Request Tools
The manual request component of the integrated test suites provides the basic facility to issue a single request and view
Read morehttp
Integrated Testing Suites
After the essential web browser, the most useful item in your toolkit when attacking a web application is an intercepting
Read moreA Web Application Hacker’s Toolkit
Some attacks on web applications can be performed using only a standard web browser; however, the majority of them require
Read moreInjecting into Web Scripting Languages
The core logic of most web applications is written in interpreted scripting languages like PHP, VBScript, and Perl. In addition
Read moreInjecting into SQL
Almost every web application employs a database to store the various kinds of information that it needs in order to
Read moreWeaknesses in Session Token Handling
No matter how effective an application is at ensuring that the session tokens it generates do not contain any meaningful
Read moreWeaknesses in Session Token Generation
Session management mechanisms are often vulnerable to attack because tokens are generated in an unsafe manner that enables an attacker
Read moreVulnerable Transmission of Credentials
If an application uses an unencrypted HTTP connection to transmit login credentials, an eavesdropper who is suitably positioned on the
Read moreAttacking Authentication
On the face of it, authentication is conceptually among the simplest of all the security mechanisms employed within web applications.
Read moreUser-Directed Spidering
This is a more sophisticated and controlled technique, which is usually preferable to automated spidering. Here, the user walks through
Read more