Identify any forgotten password functionality within the application. If this is not explicitly linked from published content, it may still be implemented (see Chapter 4).

■ Understand how the forgotten password function works by doing a complete walk-through using an account you control.

■ If the mechanism uses a challenge, determine whether users are able to set or select their own challenge and response. If so, use a list of enumerated or common usernames to harvest a list of challenges, and review this for any that appear easily guessable.

■ If the mechanism uses a password “hint,” do the same exercise to harvest a list of password hints, and target any that are easily guessable.

■ Try to identify any behavior in the forgotten password mechanism that
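The guessable challenges and password-leaking hints that the steps above go looking for are easiest to prevent at the moment a user sets them. The Python below is an added example, not code from the book, of the policy checks an application can apply to a user-chosen hint and challenge/response pair at that point; the common-answer list, the thresholds and the function names are constructed assumptions.

```python
import re

# Constructed illustration of answers far too common to act as a secret.
COMMON_ANSWERS = {"password", "123456", "none", "blue", "red", "pizza",
                  "fluffy", "smith", "london", "unknown"}
MIN_ANSWER_LEN = 6
MIN_UNIQUE_CHARS = 3
LEAK_FRAGMENT_LEN = 4  # a hint repeating 4+ password chars leaks it


def _normalise(text: str) -> str:
    """Lower-case and drop punctuation/whitespace so 'Blue!' == 'blue'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def hint_findings(hint: str, password: str) -> list:
    """Reasons a password hint is unsafe; an empty list means it passes."""
    findings = []
    h, p = _normalise(hint), _normalise(password)
    if not h:
        return ["hint is empty"]
    if h == p:
        findings.append("hint equals the password")
    else:
        # Any 4+ character run of the password appearing in the hint
        # (hint "starts with pass1234" for "pass1234") gives it away.
        frags = {p[i:i + LEAK_FRAGMENT_LEN]
                 for i in range(len(p) - LEAK_FRAGMENT_LEN + 1)}
        if any(f in h for f in frags):
            findings.append("hint contains part of the password")
    return findings


def challenge_findings(question: str, answer: str) -> list:
    """Reasons a user-chosen challenge/response pair is weak."""
    findings = []
    q, a = _normalise(question), _normalise(answer)
    if len(a) < MIN_ANSWER_LEN:
        findings.append("answer shorter than %d characters" % MIN_ANSWER_LEN)
    if len(set(a)) < MIN_UNIQUE_CHARS:
        findings.append("answer has too few distinct characters")
    if a in COMMON_ANSWERS:
        findings.append("answer is on the common-answer list")
    if a and a in q:
        findings.append("answer is repeated in the question text")
    return findings
```

Rejecting a hint or response with any finding at registration time means a later harvest of hints and challenges, as described in the steps above, yields nothing that is trivially guessable.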