HACK STEPS
Performing remote black-box testing for subtle thread safety issues of this kind
is not straightforward and should be regarded as a specialized undertaking,
probably necessary only in the most security-critical of applications.
■ Target selected items of key functionality, such as login mechanisms,
  password change functions, and funds transfer processes.
■ For each function tested, identify a single request, or a small number of
  requests, that can be used by a given user to perform a single action.
  Also find the simplest means of confirming the result of the action — for
  example, verifying that a given user’s login has resulted in access to their
  own account information.
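The check described in the second step (did each user's login return that user's own account?) can be exercised against a handler in a reproducible way. The following is an added example, not code from the book: a constructed login handler that parks the authenticated identity in process-wide state between authenticating and loading the account (the thread-safety bug class under discussion), beside a version that keeps the identity with the request, plus a harness that forces two logins to interleave and counts cross-account results. The account store, handler names and barrier-based interleaving are assumptions made for the illustration.

```python
import threading

# Constructed account store (not from the book): username -> account record.
ACCOUNTS = {
    "alice": {"owner": "alice", "balance": 100},
    "bob": {"owner": "bob", "balance": 250},
}

# Assumed vulnerable pattern: the authenticated username lives in shared,
# process-wide state between "authenticate" and "load account", so two
# concurrent logins can overwrite each other's identity.
_current_user = None


def login_unsafe(username, barrier):
    global _current_user
    _current_user = username          # step 1: record who just authenticated
    barrier.wait()                    # force the other login to interleave here
    return ACCOUNTS[_current_user]    # step 2: load "the" current user's account


def login_safe(username, barrier):
    user = username                   # identity travels with the request, never via shared state
    barrier.wait()                    # same interleaving point, no shared variable to clobber
    return ACCOUNTS[user]


def count_cross_account_logins(login_fn, users=("alice", "bob")):
    """Run one login per user concurrently and return how many logins came back
    with an account owned by someone else (the confirmation the test step asks for)."""
    barrier = threading.Barrier(len(users))   # all logins write before any reads
    results = {}

    def worker(u):
        results[u] = login_fn(u, barrier)

    threads = [threading.Thread(target=worker, args=(u,)) for u in users]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(1 for u, acct in results.items() if acct["owner"] != u)


if __name__ == "__main__":
    print("unsafe handler: cross-account logins =", count_cross_account_logins(login_unsafe))
    print("safe handler:   cross-account logins =", count_cross_account_logins(login_safe))
```

With the barrier, the shared variable holds whichever login wrote last, so exactly one of the two unsafe logins is served another user's account, while the request-scoped version never is.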