Chapter 12 ■ Attacking Other Users
HACK STEPS (continued)
■ The following directives will prevent browsers from caching a page. Note
that these may be specified within the HTTP response headers or within
HTML meta-tags:
Expires: 0
Cache-control: no-cache
Pragma: no-cache
■ If these directives are not found, then the page concerned may be vulnerable
to caching by one or more browsers. Note that cache directives are
processed on a per-page basis, and so every sensitive HTTP-based page
needs to be checked.
■ To verify that sensitive information is being cached, use a default installation
of a standard browser, such as Internet Explorer or Firefox. In the
browser’s configuration, completely clean its cache and all cookies, and
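
The per-page check described in the steps above can be scripted. The following is an added example, not code from the book: it reports which of the three listed directives are absent from both the response headers and the HTML meta-tags of each page. The function names and the sample pages are constructed for illustration.

```python
from html.parser import HTMLParser

# The three directives listed in the text: header name -> required value.
# Only these exact values are looked for; other forms count as missing.
REQUIRED = {"expires": "0", "cache-control": "no-cache", "pragma": "no-cache"}

class _MetaCollector(HTMLParser):
    """Collects <meta http-equiv="..." content="..."> pairs from a page body."""
    def __init__(self):
        super().__init__()
        self.found = {}

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k: (v or "") for k, v in attrs}  # parser lowercases names
        if "http-equiv" in a:
            name = a["http-equiv"].lower()
            self.found.setdefault(name, []).append(a.get("content", ""))

def _tokens(value):
    # "no-cache, no-store" -> {"no-cache", "no-store"}
    return {t.strip().lower() for t in value.split(",")}

def missing_cache_directives(headers, body=""):
    """Return the directive names absent from both headers and meta-tags.

    headers is a list of (name, value) pairs; body is the HTML text.
    """
    seen = {}
    for name, value in headers:
        seen.setdefault(name.lower(), []).append(value)
    meta = _MetaCollector()
    meta.feed(body)
    for name, values in meta.found.items():
        seen.setdefault(name, []).extend(values)
    return [name for name, want in REQUIRED.items()
            if not any(want in _tokens(v) for v in seen.get(name, []))]

# Constructed sample responses (not taken from any real application).
SAMPLE_PAGES = {
    "/account": ([("Expires", "0"), ("Cache-Control", "no-cache, no-store"),
                  ("Pragma", "no-cache")], "<html><body>balance</body></html>"),
    "/statement": ([("Content-Type", "text/html")],
                   '<html><head><meta http-equiv="Pragma" content="no-cache">'
                   "</head><body>statement</body></html>"),
}

def audit(pages):
    """Map each path to its list of missing directives (empty list = all present)."""
    return {path: missing_cache_directives(h, b) for path, (h, b) in pages.items()}
```

Because the directives are processed per page, `audit` should be fed every sensitive page the application serves, not a single representative one.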