The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

Many web applications incorporate third-party code components to imple-

ment common functionality such as shopping carts, login mechanisms, and

message boards. These may be open source or may have been purchased from

an external software developer. When this is the case, the same components

often appear within numerous other web applications on the Internet, which

you can inspect to understand how the component functions. Often, different

features of the same component will be made use of by other applications,

enabling you to identify additional behavior and functionality beyond what is

directly visible in the target application. Also, the software may contain known

vulnerabilities that have been discussed elsewhere, or you may be able to

download and install the component yourself and perform a source code

review or probe it for defects in a controlled way.

HACK STEPS

■