1 Hacking Web Apps
What Is Web Application Hacking?
GUI Web Hacking
URI Hacking
Methods, Headers, and Body
Resources
Authentication, Sessions, and Authorization
The Web Client and HTML
Other Protocols
Why Attack Web Applications?
Who, When, and Where?
Weak Spots
How Are Web Apps Attacked?
The Web Browser
Browser Extensions
HTTP Proxies
Command-line Tools
Older Tools
2 Profiling
Infrastructure Profiling
Footprinting and Scanning: Defining Scope
Basic Banner Grabbing
Advanced HTTP Fingerprinting
Infrastructure Intermediaries
Application Profiling
Manual Inspection
Using Search Tools for Profiling
Automated Web Crawling
Common Web Application Profiles
General Countermeasures
A Cautionary Note
Protecting Directories
Protecting include Files
Miscellaneous Tips
3 Hacking Web Platforms
Point-and-click Exploitation Using Metasploit
Manual Exploitation
Evading Detection
Web Platform Security Best Practices
Common Best Practices
IIS Hardening
Apache Hardening
PHP Best Practices
4 Attacking Web Authentication
Web Authentication Threats
Username/Password Threats
Strong(er) Web Authentication
Web Authentication Services
Bypassing Authentication
Token Replay
Identity Management
Client-side Piggybacking
Some Final Thoughts: Identity Theft
5 Attacking Web Authorization
Fingerprinting Authz
Crawling ACLs
Identifying Access/Session Tokens
Analyzing Session Tokens
Differential Analysis
Role Matrix
Attacking ACLs
Attacking Tokens
Manual Prediction
Automated Prediction
Capture/Replay
Session Fixation
Authorization Attack Case Studies
Horizontal Privilege Escalation
Vertical Privilege Escalation
Differential Analysis
Using Curl to Map Permissions
Authorization Best Practices
Web ACL Best Practices
Web Authorization/Session Token Security
Security Logs
6 Input Validation Attacks
Expect the Unexpected
Where to Find Attack Vectors
Bypass Client-side Validation Routines
Common Input Validation Attacks
Buffer Overflow
Canonicalization (dot-dot-slash)
HTML Injection
Boundary Checks
Manipulate Application Behavior
SQL Injection and Datastore Attacks
Command Execution
Encoding Abuse
PHP Global Variables
Common Side-effects
7 Attacking Web Datastores
SQL Primer
Syntax
SELECT, INSERT, and UPDATE
SQL Injection Discovery
Syntax and Errors
Semantics and Behavior
Alternate Character Encoding
Exploit SQL Injection Vulnerabilities
Alter a Process
Query Alternate Data
Platforms
Other Datastore Attacks
Input Validation
Decouple Query Logic from Query Data
Database Encryption
Database Configuration
8 Attacking XML Web Services
What Is a Web Service?
Transport: SOAP Over HTTP(S)
WSDL
Directory Services: UDDI and DISCO
Similarities to Web Application Security
Attacking Web Services
Web Service Security Basics
Web Services Security Measures
9 Attacking Web Application Management
Remote Server Management
Telnet
SSH
Proprietary Management Ports
Other Administration Services
Web Content Management
FTP
SSH/scp
FrontPage
WebDAV
Admin Misconfigurations
Unnecessary Web Server Extensions
Information Leakage
Developer-driven Mistakes
10 Hacking Web Clients
Exploits
Trickery
General Countermeasures
IE Security Zones
Firefox Secure Configuration
Low-privilege Browsing
Server-side Countermeasures
11 Denial-of-Service (DoS) Attacks
Common DoS Attack Techniques
Old School DoS: Vulnerabilities
Modern DoS: Capacity Depletion
Application-layer DoS
General DoS Countermeasures
Proactive DoS Mitigation
Detecting DoS
Responding to DoS
12 Full-Knowledge Analysis
Threat Modeling
Clarify Security Objectives
Identify Assets
Architecture Overview
Decompose the Application
Identify and Document Threats
Rank the Threats
Develop Threat Mitigation Strategies
Code Review
Manual Source Code Review
Automated Source Code Review
Binary Analysis
Security Testing of Web App Code
Fuzzing
Test Tools, Utilities, and Harnesses
Pen-testing
Security in the Web Development Process
People
Process
Technology
13 Web Application Security Scanners
Technology: Web App Security Scanners
The Testbed
The Tests
Reviews of Individual Scanners
Overall Test Results
Non-technical Issues
Process
People
