The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws


Chapter 5  ■ Bypassing Client-Side Controls



Questions

Answers can be found at www.wiley.com/go/webhacker.

1. How can data be transmitted via the client in a way that prevents tampering attacks?

2. An application developer wishes to stop an attacker from performing brute-force attacks against the login function. Because the attacker may target multiple usernames, the developer decides to store the number of failed attempts in an encrypted cookie, blocking any request if the number of failed attempts exceeds five.

How can this defense be bypassed?

3. An application contains an administrative page that is subject to rigorous access controls. The page contains links to diagnostic functions located on a different web server. Access to these functions should also be restricted to administrators only. Without implementing a second authentication mechanism, which of the following client-side mechanisms (if any) could be used to safely control access to the diagnostic functionality? Is there any further information you would need to help choose a solution?

(a) The diagnostic functions could check the HTTP Referer header, to confirm that the request originated on the main administrative page.

(b) The diagnostic functions could validate the supplied cookies, to confirm that these contain a valid session token for the main application.

(c) The main application could set an authentication token in a hidden field that is included within the request. The diagnostic function could validate this to confirm that the user has a session on the main application.

4. If a form field includes the attribute disabled=true, it will not be submitted with the rest of the form. How can you change this behavior?

5. Are there any means by which an application can ensure that a piece of input validation logic has been run on the client?
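As an added illustration of the integrity concern behind question 1 (example code written for this edit, not from the book and not its answer key), the Python below shows a server-side sealing scheme: data that must travel via the client is bound to the owning session and an expiry time and protected with an HMAC under a server-held key, so an edited value, a token moved to another session, or a stale replay is rejected when it comes back. The key, the seal/unseal names and the 600-second lifetime are assumptions of the example.

```python
import base64
import binascii
import hashlib
import hmac
import json
import time

# Constructed demo key; a real deployment would load this from a secrets store.
SERVER_KEY = b"constructed-demo-key-not-for-real-use"


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def seal(payload: dict, session_id: str, ttl: int = 600, now=None) -> str:
    """Wrap data the server must round-trip through the client in a tamper-evident token.

    The HMAC covers the payload, the owning session and an expiry time, so the token
    cannot be edited, moved to a different session, or replayed after it expires.
    """
    now = int(time.time()) if now is None else now
    body = json.dumps({"d": payload, "sid": session_id, "exp": now + ttl},
                      sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)


def unseal(token: str, session_id: str, now=None):
    """Return the payload if the token is intact, bound to this session and unexpired,
    otherwise None. The MAC is verified before anything in the body is trusted."""
    now = int(time.time()) if now is None else now
    try:
        body_b64, tag_b64 = token.split(".", 1)
        body, tag = _unb64(body_b64), _unb64(tag_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    obj = json.loads(body)
    if obj.get("sid") != session_id or obj.get("exp", 0) < now:
        return None
    return obj["d"]
```

A sealed token only proves that the server produced it; it cannot force the client to send it back, so any value the server needs to be present on every request (such as a counter) belongs in server-side state rather than in the token.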
