Try to identify any locations within the application that may contain clues

■

It may not be possible to draw any firm conclusions here; however, the

The final stage of the mapping process is to identify the various attack surfaces

exposed by the application, and the potential vulnerabilities that are com-

monly associated with each one. The following is a rough guide to some key

types of behavior and functionality that you may identify, and the kinds of

vulnerability that are most commonly found within each one. The remainder

of this book will be concerned with the practical details of how you can detect

and exploit each of these problems:

■■

Client-side validation — Checks may not be replicated on the server.

Database interaction — SQL injection.

■■

File uploading and downloading — Path traversal vulnerabilities.

Display of user-supplied data — Cross-site scripting.

■■

Dynamic redirects — Redirection and header injection attacks.

Login — Username enumeration, weak passwords, ability to use brute

force.

■■

Multistage login — Logic flaws.

Session state — Predictable tokens, insecure handling of tokens.

■■

Access controls — Horizontal and vertical privilege escalation.