the application, including the names
and values of every parameter, cookie,
request header, and other data.
In this chapter, we shall cover three main categories of classic software
vulnerability: buffer overflows, integer vulnerabilities, and format string bugs.
In each case, we will describe some common vulnerabilities and then outline the
practical steps you can take when probing for these bugs within a web
application. This topic is a huge one, which extends far beyond the scope of a
handbook about hacking web applications. To learn more about native software
vulnerabilities and how to find them, we recommend the following books:
■ The Shellcoder’s Handbook, 2nd edition, by Chris Anley, John Heasman,
  Felix Lindner, and Gerardo Richarte (Wiley, 2007)
■ The Art of Software Security Assessment by Mark Dowd, John McDonald,
  and Justin Schuh (Addison-Wesley, 2006)
NOTE