Web server products range from extremely simple and lightweight software which does little more than serve up static pages, to highly complex application platforms that can handle a large variety of tasks. Historically, web server software has been subject to a wide range of serious security vulnerabilities, which have resulted in arbitrary code execution, file … Read more
Buffer overflow vulnerabilities occur when an application copies user-controllable data into a memory buffer that is not sufficiently large to accommodate it. The destination buffer is overflowed, resulting in adjacent memory being overwritten with the user’s data. Depending on the nature of the vulnerability, an attacker may be able to exploit it to execute arbitrary … Read more
The barriers to automation described previously lead to a number of specific technical challenges that must be addressed in the creation of an effective vulnerability scanner. These challenges impinge not only upon the scanner’s ability to detect specific types of vulnerability, as already described, but also upon its ability to perform the core tasks of … Read more
The manual request component of the integrated test suites provides the basic facility to issue a single request and view its response. Though simple, this function is often extremely beneficial when you are probing a tentative vulnerability and need to reissue the same request manually several times, tweaking elements of the request to determine the … Read more
Some attacks on web applications can be performed using only a standard web browser; however, the majority of them require you to use some additional tools. Many of these tools operate in conjunction with the browser, either as extensions that modify the browser’s own functionality, or as external tools that run alongside the browser and … Read more
ActiveX controls are of particular interest to an attacker who is targeting other users. When an application installs a control in order to invoke it from its own pages, the control must be registered as “safe for scripting.” Once this has occurred, any other web site accessed by the user can make use of that … Read more
Session fixation vulnerabilities typically arise when an application creates an anonymous session for each user when they first access the application. If the application contains a login function, this anonymous session will be created prior to login and then upgraded to an authenticated one after they have logged in. The same token that initially confers … Read more
HTTP header injection vulnerabilities arise when user-controllable data is inserted in an unsafe manner into an HTTP header returned by the application. If an attacker can inject newline characters into the header he controls, he can insert additional HTTP headers into the response and can write arbitrary content into the body of the response. This … Read more
The best way to learn about logic flaws is not by theorizing, but through acquaintance with some actual examples. Although individual instances of logic flaws differ hugely, they share many common themes, and they demonstrate the kinds of mistake that human developers will always be prone to making. Hence, insights gathered from studying a sample of … Read more
All web applications employ logic in order to deliver their functionality. Writing code in a programming language involves at its root nothing more than breaking down a complex process into very simple and discrete logical steps. Translating a piece of functionality that is meaningful to human beings into a sequence of small operations that can … Read more