website hacking - Eduguru

Vulnerable Mapping of Tokens to Sessions

May 5, 2020 Krishna Attacking Session Management, Client Exposure to Token Hijacking, ETHICAL HACKING, Vulnerable Mapping of Tokens to Sessions, Vulnerable Session Termination, web-hack, website hacking

Various common vulnerabilities in session management mechanisms arise because of weaknesses in the way the application maps the creation and

Tutorial Web Hosting Website

Weaknesses in Session Token Handling

May 5, 2020 Krishna Attacking Session Management, Disclosure of Tokens on the Network, ETHICAL HACKING, http, Weaknesses in Session Token Handling, web-hack, website, website hacking

No matter how effective an application is at ensuring that the session tokens it generates do not contain any meaningful

Tutorial Web Hosting Website

Predictable Tokens

May 4, 2020May 5, 2020 Krishna Attacking Session Management, Concealed Sequences, Full-Blown Tests for Randomness, Predictable Tokens, Time Dependency, Weak Random Number Generation, website, website hacking

Some session tokens do not contain any meaningful data associating them with a particular user but are nevertheless guessable because

Tutorial Web Hosting Website

Securing Authentication

May 4, 2020 Krishna Attacking Authentication, Handle Credentials Secretively, INTERNET, Prevent Brute-Force Attacks, Prevent Information Leakage, Prevent Misuse of the Password Change Function, Use Strong Credentials, Validate Credentials Properly, web, web hacking, website hacking

Implementing a secure authentication solution involves attempting to simultaneously meet several key security objectives, and in many cases trade off

Tutorial Web Hosting Website

ActiveX Controls

April 23, 2020April 23, 2020 Krishna ActiveX controls, Bypassing Client-Side Controls, Decompiling Managed Code, Fixing Inputs Processed by Controls, html, Java, Java applets, Manipulating Exported Functions, Reverse Engineering, Shockwave Flash Objects, web hacking, website hacking

ActiveX controls are a much more heavyweight technology than Java applets. They are effectively native Win32 executables that, once accepted

Tutorial Web Hosting Website

Capturing User Data: Thick-Client Components

April 23, 2020 Krishna Bypassing Client-Side Controls, Capturing User Data: Thick-Client Components, Coping with Bytecode Obfuscation, Decompiling Java Bytecode, HTML forms, HTML source, Java, Java applets, JavaScript, web hacking, website hacking

Besides HTML forms, the other main method for capturing, validating, and submitting user data is to use a thick-client component.

Tutorial Web Hosting Website

Capturing User Data: HTML Forms

April 23, 2020 Krishna Bypassing Client-Side Controls, Capturing User Data: HTML Forms, Disabled Elements, HTML forms, JavaScript, Length Limits, Script-Based Validation, website hacking

The other principal way in which applications use client-side controls to restrict data submitted by clients occurs with data that