The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

other users on the network cannot view or modify the attacker’s data in tran-

sit. Because the attacker controls her end of the SSL tunnel, she can send any-

thing she likes to the server through this tunnel. If any of the previously

mentioned attacks are successful, then the application is emphatically vulner-

able, regardless of what its FAQ may tell you.

Key Problem Factors

The core security problem faced by web applications arises in any situation

where an application must accept and process untrusted data that may be

malicious. However, in the case of web applications, there are several factors

which have combined to exacerbate the problem, and which explain why 

so many web applications on the Internet today do such a poor job of address-

ing it.

Download 5,76 Mb.

Do'stlaringiz bilan baham: