Attacking ActiveX Controls
ActiveX controls are of particular interest to an attacker who is targeting other users. When an application installs a control
Read moreweb-app
Session Fixation
Session fixation vulnerabilities typically arise when an application creates an anonymous session for each user when they first access the
Read moreJSON Hijacking
JSON hijacking is a special version of an XSRF attack, which in certain circumstances can violate the objectives of the
Read moreFrame Injection
Frame injection is a relatively simple vulnerability that arises from the fact that in many browsers, if a web site
Read moreHTTP Header Injection
HTTP header injection vulnerabilities arise when user-controllable data is inserted in an unsafe manner into an HTTP header returned by
Read moreAttacking Other Users
The majority of interesting attacks against web applications involve targeting the server-side application itself. Many of these attacks do of course
Read moreAvoiding Logic Flaws
Just as there is no unique signature by which logic flaws in web applications can be identified, there is also
Read moreReal-World Logic Flaws
The best way to learn about logic flaws is not by theorizing, but through acquaintance with some actual examples. Although
Read moreAttacking Application Logic
All web applications employ logic in order to deliver their functionality. Writing code in a programming language involves at its
Read morePreventing Path Traversal Vulnerabilities
By far the most effective means of eliminating path traversal vulnerabilities is to avoid passing user-submitted data to any file
Read more