The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

In some cases where JavaScript is employed, the application is still

Download 5,76 Mb.

Pdf ko'rish

bet	230/875
Sana	01.01.2022
Hajmi	5,76 Mb.
	#293004

1 ... 226 227 228 229 230 231 232 233 ... 875

Bog'liq
3794 1008 4334

In some cases where JavaScript is employed, the application is still

usable by users who have disabled JavaScript within their browser. In this

situation, JavaScript-based form validation code is simply skipped by the

browser, and the raw input entered by the user is submitted. To avoid false

positives, the logging and alerting mechanism should be aware of where and

how this can arise.

Chapter Summary

Virtually all client-server applications must accept the fact that the client com-

ponent, and all processing that occurs on it, cannot be trusted to behave as

expected. As you have seen, the transparent communications methods gener-

ally employed by web applications mean that an attacker equipped with sim-

ple tools and minimal skill can trivially circumvent most controls

implemented on the client. Even where an application makes attempts to

obfuscate data and processing residing on the client side, a determined

attacker will be able to compromise these defenses.

In every instance where you identify data being transmitted via the client, or

validation of user-supplied input being implemented on the client, you should

test how the server responds to unexpected data that bypasses those controls.

Very often, serious vulnerabilities are to be found lurking behind an applica-

tion’s assumptions about the protection afforded to it by defenses that are

implemented at the client.

Download 5,76 Mb.

Do'stlaringiz bilan baham:

1 ... 226 227 228 229 230 231 232 233 ... 875