In this chapter, we will look at all of the types of weakness that the authors
have encountered in real-world web applications. We will set out in detail the
practical steps that you need to take to find and exploit these defects. Finally,
we will describe the defensive measures that applications should take to
protect themselves against these attacks.
COMMON MYTH
“We use smartcards for authentication, and users’
sessions cannot be compromised without the card.”
However robust an application’s authentication mechanism, subsequent
requests from users are only linked back to that authentication via the resulting