resource, to obtain an example of the URL by which it is ultimately
retrieved.
■ Using a different user context (for example, a less-privileged user or an account that has not made a required purchase), attempt to access the resource directly using the URL you have identified.
■ If this attack succeeds, try to understand the naming scheme being used for protected static files. If possible, construct an automated attack to trawl for content that may be useful or contain sensitive data (see Chapter 13).
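The weakness these steps probe is a static file served by URL alone, with no server-side check of who is asking and a guessable naming scheme. As an added example (not from the book), the following Python simulates a download endpoint that closes both gaps: the URL carries an opaque handle rather than the real filename, every request is checked against the caller's entitlements, and repeated denials are counted so that trawling shows up in the logs. The user names, resource ids and file paths are constructed sample data.

```python
import secrets
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed sample data: which logged-in user has purchased which document.
ENTITLEMENTS: Dict[str, set] = {
    "alice": {"doc-1001"},   # alice has bought document 1001
    "bob": set(),            # bob is logged in but has bought nothing
}

# Real filenames live only on the server; the URL never reveals them, so the
# naming scheme of the protected directory cannot be inferred from one link.
RESOURCE_FILES: Dict[str, str] = {"doc-1001": "protected/reports/q1-financials.pdf"}

_HANDLE_TO_RESOURCE: Dict[str, str] = {}
_RESOURCE_TO_HANDLE: Dict[str, str] = {}
DENIED_LOG: List[Tuple[str, str]] = []   # (user, handle) for every refused request


def handle_for(resource_id: str) -> str:
    """Issue (or reuse) a random, unguessable handle to place in download URLs."""
    if resource_id not in _RESOURCE_TO_HANDLE:
        handle = secrets.token_urlsafe(16)
        _RESOURCE_TO_HANDLE[resource_id] = handle
        _HANDLE_TO_RESOURCE[handle] = resource_id
    return _RESOURCE_TO_HANDLE[resource_id]


def serve_protected_file(session_user: Optional[str], handle: str) -> Tuple[int, Optional[str]]:
    """Simulated download endpoint: returns (HTTP status, server-side path or None).

    The authorization decision is made here, on the server, for every request;
    knowing the URL is never sufficient on its own.
    """
    if session_user is None:
        return 401, None
    resource_id = _HANDLE_TO_RESOURCE.get(handle)
    # Deny by default, and answer identically for "no such handle" and
    # "not purchased", so a probe cannot learn which handles exist.
    if resource_id is None or resource_id not in ENTITLEMENTS.get(session_user, set()):
        DENIED_LOG.append((session_user, handle))
        return 404, None
    return 200, RESOURCE_FILES[resource_id]


def trawl_suspects(threshold: int) -> List[str]:
    """Users whose denied download attempts reach the threshold: a detection
    signal for the automated enumeration the test steps above describe."""
    counts = Counter(user for user, _ in DENIED_LOG)
    return [user for user, n in counts.items() if n >= threshold]
```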
Securing Access Controls
Access controls are one of the easiest areas of web application security to understand, although a well-informed, thorough methodology must be carefully applied when implementing them.
First, there are several obvious pitfalls to avoid. These usually arise from
ignorance about the essential requirements of effective access control or