To some extent, an organization deploying a third-party web server product is inevitably placing its fate in the hands of the software vendor. Nevertheless, there is still a large amount that a security-conscious organization can do to protect itself against the kind of software vulnerabilities. Choose Software with a Good Track Record Not all software … Read more
If you are lucky, the web server you are targeting may contain some of the actual vulnerabilities described in this chapter. More likely, however, it will have been patched to a more recent level, and you will need to search for something fairly current or brand new with which to attack the server. A good … Read more
Encoding flaws have arisen in many kinds of web server software and present an inherent threat in situations where the same user-supplied data is processed by several layers using different technologies. A typical web request might be handled by the web server, the application platform, various man-aged and unmanaged APIs, other software components, and the … Read more
Accipiter DirectServer This path traversal flaw could be exploited by placing URL-encoded dot-dot-slash sequences into a request. For more information about this flaw, see www.securityfocus.com/bid/9389 . Alibaba This path traversal flaw could be exploited by placing simple dot-dot-slash sequences into a request. For more information about this flaw, see www.securityfocus.com/bid/270 . Cisco ACS Acme.server This … Read more
Web server products range from extremely simple and lightweight software which does little more than serve up static pages, to highly complex application platforms that can handle a large variety of tasks. Historically, web server software has been subject to a wide range of serious security vulnerabilities, which have resulted in arbitrary code execution, file … Read more
Buffer overflow vulnerabilities occur when an application copies user-controllable data into a memory buffer that is not sufficiently large to accommodate it. The destination buffer is overflowed, resulting in adjacent memory being overwritten with the user’s data. Depending on the nature of the vulnerability, an attacker may be able to exploit it to execute arbitrary … Read more
The barriers to automation described previously lead to a number of specific technical challenges that must be addressed in the creation of an effective vulnerability scanner. These challenges impinge not only upon the scanner’s ability to detect specific types of vulnerability, as already described, but also upon its ability to perform the core tasks of … Read more
The manual request component of the integrated test suites provides the basic facility to issue a single request and view its response. Though simple, this function is often extremely beneficial when you are probing a tentative vulnerability and need to reissue the same request manually several times, tweaking elements of the request to determine the … Read more
Some attacks on web applications can be performed using only a standard web browser; however, the majority of them require you to use some additional tools. Many of these tools operate in conjunction with the browser, either as extensions that modify the browser’s own functionality, or as external tools that run alongside the browser and … Read more
Many users access web applications from a shared environment in which an attacker may have direct access to the same computer as the user. This gives rise to a range of attacks to which insecure applications may leave their users vulnerable. There are several areas in which this kind of attack may arise. Persistent Cookies … Read more