every time they submit an invalid request can slow down the process of probing the application for vulnerabilities by many orders of magnitude, even where automated techniques are employed. If residual vulnerabilities do still exist, they are far less likely to be discovered by anyone in the field.

Where this kind of defense is implemented, it is also recommended that it can be easily switched off for testing purposes. If a legitimate penetration test of the application is slowed down in the same way as a real-world attacker, then its effectiveness is dramatically reduced, and it is very likely that the presence of the mechanism will result in more vulnerabilities remaining in production code than if the mechanism were absent.
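As an added illustration (not code from the book), the following Python sketch shows the defense described above: a whitelist validator that terminates the session on the first invalid request, together with the switch that lets the mechanism be disabled in a test environment while still logging what it would have blocked. The parameter rules, session model and request values are constructed for this example.

```python
import re
from dataclasses import dataclass, field

# Constructed whitelist: every expected parameter has a strict pattern.
PARAM_RULES = {
    "user_id": re.compile(r"\d{1,10}"),
    "sort": re.compile(r"asc|desc"),
}


@dataclass
class Session:
    sid: str
    active: bool = True
    strikes: int = 0          # invalid requests seen on this session


@dataclass
class ReactiveDefense:
    # enabled=False is the "switched off for testing" position: invalid
    # requests are still detected and logged, but the session survives.
    enabled: bool = True
    log: list = field(default_factory=list)

    def check(self, session: Session, params: dict) -> list:
        """Return the names of invalid parameters; terminate the session
        on any violation when the defense is enabled."""
        bad = [
            name for name, value in params.items()
            if name not in PARAM_RULES or not PARAM_RULES[name].fullmatch(value)
        ]
        if bad:
            session.strikes += 1
            self.log.append(f"session={session.sid} invalid={bad}")
            if self.enabled:
                session.active = False   # hard stop: attacker must re-authenticate
        return bad


def run_scenario(enabled: bool) -> tuple:
    """Drive one valid and two invalid requests through the defense and
    report (invalid names seen, session still active, log entries)."""
    defense = ReactiveDefense(enabled=enabled)
    session = Session("sess-42")                      # constructed id
    requests = [
        {"user_id": "1001", "sort": "asc"},           # well-formed
        {"user_id": "1001 OR 1=1", "sort": "asc"},    # malformed value
        {"user_id": "1001", "debug": "1"},            # unexpected parameter
    ]
    seen = [defense.check(session, r) for r in requests]
    return seen, session.active, len(defense.log)
```

With the defense enabled, the second request ends the session and any later probing happens against a dead session; with it disabled, a tester sees every violation in the log without being slowed down.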
HACK STEPS