Feed these observations back into framing your test cases. When one
modification causes a change in behavior, try to combine this with other
changes to push the application’s logic to its limits.
Defects in Multistage Login Mechanisms
Some applications use elaborate login mechanisms involving multiple stages.
For example:
■ Entry of a username and password.
■ A challenge for specific digits from a PIN or a memorable word.
■ The submission of a value displayed on a changing physical token.
Multistage login mechanisms are designed to provide enhanced security
over the simple model based on username and password. Typically, the first
stage requires the user to identify themselves with a username or similar item,
and subsequent stages perform various authentication checks. Because each
stage is usually handled by a separate request, the server must itself keep
track of which stages have been passed, by whom, and in what order. Such
mechanisms frequently contain security vulnerabilities, and in particular
various logic flaws (see Chapter 11).
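The following Python sketch is an added illustration, not code from the original text: a three-stage login (password, PIN-digit challenge, token value) built over a constructed in-memory credential store. With strict=False it reproduces one common logic flaw: each stage validates only its own credential against whatever username the client supplies, and the session counts as authenticated once the final stage passes. With strict=True, every completed stage is recorded server-side, bound to the username fixed in stage 1, and a stage refuses to run until the preceding one has passed. The user records, PIN positions and token values are assumptions made for the example.

```python
import hmac
import secrets

# Constructed sample credential store (an assumption of this example, not data
# from the original text): password, six-digit PIN, current physical-token value.
USERS = {
    "alice": {"password": "correct horse", "pin": "492817", "token": "338201"},
    "bob":   {"password": "battery staple", "pin": "715263", "token": "904417"},
}

STAGES = ("password", "pin", "token")


def _eq(expected, supplied):
    """Constant-time string comparison so failures leak no timing information."""
    return hmac.compare_digest(expected.encode(), supplied.encode())


class MultistageLogin:
    """Three-stage login: username+password, PIN-digit challenge, token value.

    strict=False: every stage checks only its own credential for the username
    the client sends, and the session is authenticated as soon as the last
    stage passes. An attacker who knows the password and token can skip the
    PIN stage, or swap in a different username part-way through the sequence.

    strict=True: each completed stage is recorded server-side, the sequence is
    bound to the username from stage 1, and stage N runs only after stage N-1.
    """

    def __init__(self, strict=True):
        self.strict = strict
        self.sessions = {}

    def new_session(self):
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": None, "passed": set(), "pin_positions": None}
        return sid

    def _gate(self, sess, stage, username):
        """Hardened mode only: same user as stage 1, and the previous stage passed."""
        if not self.strict:
            return True
        prev = STAGES[STAGES.index(stage) - 1]
        return sess["user"] == username and prev in sess["passed"]

    def stage1_password(self, sid, username, password):
        sess = self.sessions[sid]
        rec = USERS.get(username)
        if rec is None or not _eq(rec["password"], password):
            return False
        sess["user"] = username
        sess["passed"] = {"password"}
        # Challenge for three PIN positions, chosen server-side per session.
        sess["pin_positions"] = sorted(secrets.SystemRandom().sample(range(6), 3))
        return True

    def pin_challenge(self, sid):
        """0-based positions of the PIN digits the user must supply in stage 2."""
        return self.sessions[sid]["pin_positions"]

    def stage2_pin(self, sid, username, digits):
        sess = self.sessions[sid]
        if not self._gate(sess, "pin", username):
            return False
        rec = USERS.get(username)
        positions = sess["pin_positions"]
        if rec is None or positions is None:
            return False
        expected = "".join(rec["pin"][p] for p in positions)
        if not _eq(expected, digits):
            return False
        sess["passed"].add("pin")
        return True

    def stage3_token(self, sid, username, token):
        sess = self.sessions[sid]
        if not self._gate(sess, "token", username):
            return False
        rec = USERS.get(username)
        if rec is None or not _eq(rec["token"], token):
            return False
        sess["user"] = username  # in the flawed mode this silently switches users
        sess["passed"].add("token")
        return True

    def is_authenticated(self, sid):
        sess = self.sessions[sid]
        if self.strict:
            return sess["user"] is not None and set(STAGES) <= sess["passed"]
        return "token" in sess["passed"]  # flaw: only the final stage's outcome counts


if __name__ == "__main__":
    flawed = MultistageLogin(strict=False)
    sid = flawed.new_session()
    flawed.stage1_password(sid, "alice", "correct horse")
    flawed.stage3_token(sid, "alice", "338201")  # PIN stage skipped entirely
    print("flawed mode, PIN skipped, authenticated:", flawed.is_authenticated(sid))
```

When testing a real mechanism, the two things this model exercises are exactly what to probe: submit a later stage's request directly after completing only the first, and resubmit a later stage with a different username than the one entered at stage 1. A mechanism that tracks state only in the client's requests, or only checks each stage's own credential, will behave like strict=False.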