The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws



Chapter 6: Attacking Authentication (page 172)




assumptions being made and spot the subtle logic flaw that can be exploited to walk right through the door.

The most important lesson when attacking authentication functionality is to look everywhere. In addition to the main login form, there may be functions to register new accounts, change passwords, remember passwords, recover forgotten passwords, and impersonate other users. Each of these presents a rich target of potential defects, and problems that have been consciously eliminated within one function very often reemerge within others. Invest the time to scrutinize and probe every inch of attack surface you can find, and your rewards may be great.



Questions

Answers can be found at www.wiley.com/go/webhacker.

1. While testing a web application you log in using your credentials of joe and pass. During the login process, you see a request for the following URL appear in your intercepting proxy:

   http://www.wahh-app.com/app?action=login&uname=joe&password=pass

   What three vulnerabilities can you diagnose without probing any further?

2. How can self-registration functions introduce username enumeration vulnerabilities? How can these vulnerabilities be prevented?
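The following is an added illustration for question 2, not the book's answer and not code from the book: a self-registration function whose response reveals whether a username is already taken, beside a version that keeps that information out of band, and the probe an attacker would run against each. The account store, the outbox list that stands in for outbound e-mail, and the never-registered baseline identifier are all constructed for the example.

```python
# Added example (not from the book): username enumeration via self-registration,
# and one way of closing it. All data below is constructed for the example.
import secrets
from typing import Callable, Dict, Iterable, List, Set

# Constructed account store: username -> e-mail address (assumed data).
ACCOUNTS: Dict[str, str] = {
    "joe": "joe@example.com",
    "alice": "alice@example.com",
}

# Stand-in for the outbound mail queue so the example runs offline.
OUTBOX: List[Dict[str, str]] = []


def register_vulnerable(username: str, email: str) -> str:
    """Leaky design: the user picks a username and the HTTP response says
    whether it exists. Every 'already taken' reply confirms a valid login
    name for a later password-guessing attack, with no authentication needed."""
    if username in ACCOUNTS:
        return "That username is already taken, please choose another."
    ACCOUNTS[username] = email
    return "Account created, you can now log in."


def register_hardened(email: str) -> str:
    """Hardened design: the e-mail address is the only identifier the user
    supplies, the HTTP response is identical whether or not it is registered,
    and the distinguishing information goes only to the mailbox the requester
    must control. Application-assigned usernames would close the gap as well."""
    if email in ACCOUNTS.values():
        body = ("An account already exists for this address. "
                "Use the password-reset function if you have forgotten your password.")
    else:
        token = secrets.token_urlsafe(16)  # one-time completion token
        body = f"Follow this link to finish creating your account: /register/complete?t={token}"
    OUTBOX.append({"to": email, "body": body})
    return "Thanks. If that address is valid you will receive an e-mail with the next step."


def enumerate_accounts(candidates: Iterable[str], probe: Callable[[str], str]) -> Set[str]:
    """Attacker's view: probe an identifier that certainly does not exist,
    then report every candidate whose response differs from that baseline.
    Against register_vulnerable this yields the valid usernames; against
    register_hardened every response is the same, so nothing is learned."""
    baseline = probe("no-such-account-0c9d41")  # constructed never-registered identifier
    return {c for c in candidates if probe(c) != baseline}


if __name__ == "__main__":
    guesses = ["joe", "bob", "alice"]
    hits = enumerate_accounts(guesses, lambda u: register_vulnerable(u, f"{u}@attacker.example"))
    print("leaked by vulnerable registration:", sorted(hits))
    hits = enumerate_accounts(["joe@example.com", "nobody@example.com"], register_hardened)
    print("leaked by hardened registration:", sorted(hits))
```

Note that the probe against the vulnerable version creates junk accounts as a side effect, which is also what a real enumeration run does; the defence is not a rate limit on that side effect but the removal of the response difference itself.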

3. A login mechanism involves the following steps:

   (a) The application requests the user's username and passcode.

   (b) The application requests two randomly chosen letters from the user's memorable word.

   Why is the required information requested in two separate steps? What defect would the mechanism contain if this were not the case?

4. A multistage login mechanism first requests the user's username and then various other items across successive stages. If any supplied item is invalid, the user is immediately returned to the first stage.

   What is wrong with this mechanism, and how can the vulnerability be corrected?
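The following is an added illustration serving questions 3 and 4, not the book's answers and not code from the book: a three-stage login (username, then password, then two server-chosen letters of the memorable word) implemented once so that any invalid item bounces the user straight back to stage 1, and once so that every stage is always run and a single result is reported at the end, together with the stage-by-stage probe an attacker runs against each. The in-memory account store, the dummy record, the letter positions and the attacker's guess lists are all assumptions made for the example.

```python
# Added example (not from the book): per-stage validation oracle in a
# multistage login, beside the corrected flow. All data is constructed.
import hmac
import itertools
import string
from dataclasses import dataclass
from typing import Any, Callable, List, Optional, Sequence


@dataclass
class Account:
    password: str
    memorable_word: str


# Constructed credential store (assumed data, not from the book).
ACCOUNTS = {"joe": Account(password="pass", memorable_word="sausages")}
# Dummy record so that an unknown username still runs every stage.
DUMMY = Account(password="", memorable_word="x" * 8)


def letters_at(word: str, positions: Sequence[int]) -> str:
    """The letters the server expects. Positions are chosen by the server and
    assumed to fall within every memorable word (a minimum length enforced at
    registration, which this example does not show)."""
    return "".join(word[i] for i in positions)


class EarlyAbortLogin:
    """Flawed design: each item is checked on arrival and any failure sends
    the user back to stage 1 at once. Which submission triggers the bounce
    tells the attacker which item was wrong, so each item can be guessed
    on its own, and stage 1 alone is a username-enumeration oracle."""

    def __init__(self, positions: Sequence[int]):
        self.positions = positions
        self.stage = 0
        self.username = ""

    def submit(self, value: str) -> str:
        """Returns 'proceed', 'restart' or 'success'."""
        if self.stage == 0:
            ok = value in ACCOUNTS
        elif self.stage == 1:
            ok = hmac.compare_digest(value, ACCOUNTS[self.username].password)
        else:
            expected = letters_at(ACCOUNTS[self.username].memorable_word, self.positions)
            ok = hmac.compare_digest(value, expected)
        if not ok:
            self.stage, self.username = 0, ""
            return "restart"
        if self.stage == 0:
            self.username = value
        self.stage += 1
        return "success" if self.stage == 3 else "proceed"


class CompleteLogin:
    """Corrected design: every stage is always presented, nothing is judged
    until all items are in, and one generic result comes back. An unknown
    username is carried through against the dummy record so the flow looks
    identical from outside."""

    def __init__(self, positions: Sequence[int]):
        self.positions = positions
        self.items: List[str] = []

    def submit(self, value: str) -> str:
        self.items.append(value)
        if len(self.items) < 3:
            return "proceed"
        username, password, letters = self.items
        self.items = []
        acct = ACCOUNTS.get(username, DUMMY)
        # '&' rather than 'and': evaluate every check, never short-circuit.
        ok = (
            (username in ACCOUNTS)
            & hmac.compare_digest(password, acct.password)
            & hmac.compare_digest(letters, letters_at(acct.memorable_word, self.positions))
        )
        return "success" if ok else "restart"


def run_login(session: Any, items: Sequence[str]) -> str:
    """Submit items in order and return the last response."""
    result = ""
    for item in items:
        result = session.submit(item)
    return result


# Constructed guess lists for the attacker (assumed).
USERNAME_GUESSES = ["admin", "root", "joe"]
PASSWORD_GUESSES = ["123456", "password", "pass"]
LETTER_GUESSES = ["".join(p) for p in itertools.product(string.ascii_lowercase, repeat=2)]


def recover_by_stages(make_session: Callable[[], Any],
                      guess_lists: Sequence[Sequence[str]]) -> Optional[List[str]]:
    """Attacker: brute-force one stage at a time, keeping the single guess the
    server does not reject on the spot. Returns the recovered items, or None
    as soon as a stage gives no per-item signal (every guess is accepted).
    Against EarlyAbortLogin the cost is the sum of the list sizes; against
    CompleteLogin the attacker is left with their product."""
    known: List[str] = []
    for guesses in guess_lists:
        accepted = [g for g in guesses
                    if run_login(make_session(), list(known) + [g]) != "restart"]
        if len(accepted) != 1:
            return None
        known.append(accepted[0])
    return known


if __name__ == "__main__":
    lists = [USERNAME_GUESSES, PASSWORD_GUESSES, LETTER_GUESSES]
    print("early-abort design:", recover_by_stages(lambda: EarlyAbortLogin((1, 3)), lists))
    print("complete design:   ", recover_by_stages(lambda: CompleteLogin((1, 3)), lists))
```

In a real flow the letter positions would be drawn by the server only after the username is known, which is also why the memorable-word letters in question 3 are requested in a separate step from the username; here they are fixed per session so the run is repeatable.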



