The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

Sometimes, the naming scheme used for different content employs

Download 5,76 Mb.

Pdf ko'rish

bet	128/875
Sana	01.01.2022
Hajmi	5,76 Mb.
	#293004

1 ... 124 125 126 127 128 129 130 131 ... 875

Bog'liq
3794 1008 4334

Sometimes, the naming scheme used for different content employs

identifiers such as numbers and dates, which can make inferring hidden

content extremely easy. This is most commonly encountered in the

names of static resources, rather than dynamic scripts. For example,

if a company’s web site links to

AnnualReport2004.pdf

and

Annual

Report2005.pdf

, it ought to be a short step to identifying what the next

report will be called. Somewhat incredibly, there have been notorious

cases of companies placing files containing financial results onto their

web servers before these were publicly announced, only to have wily

journalists discover them based on the naming scheme used in earlier

years.

■

Review all client-side code such as HTML and JavaScript to identify any

Download 5,76 Mb.

Do'stlaringiz bilan baham:

1 ... 124 125 126 127 128 129 130 131 ... 875