The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

HACK STEPS ■ Differences in the timing of application responses may be subtle and

Download 5,76 Mb.

Pdf ko'rish

bet	860/875
Sana	01.01.2022
Hajmi	5,76 Mb.
	#293004

1 ... 856 857 858 859 860 861 862 863 ... 875

Bog'liq
3794 1008 4334

HACK STEPS

■

Differences in the timing of application responses may be subtle and

difficult to detect. In a typical situation, it is only worth probing the appli-

cation for this behavior in selected key areas where a crucial item of

interesting data is submitted and where the kind of processing being per-

formed is likely to result in time differences.

■

To test a particular function, compile one list containing several items that

are known to be valid (or to have been accessed recently) and a second

list containing items that are known to be invalid (or dormant). Make

requests containing each item on these lists in a controlled way, issuing

only one request at a time, and monitoring the time taken for the applica-

tion to respond to each request. Determine whether there is any correla-

Download 5,76 Mb.

Do'stlaringiz bilan baham:

1 ... 856 857 858 859 860 861 862 863 ... 875