HACK STEPS (continued)
■ You can use Burp Intruder to automate this task. For every request it
generates, Intruder automatically records the time taken before the
application responds, and the time taken to complete the response. You can
sort a table of results by either of these attributes to quickly identify
any obvious correlations.
Preventing Information Leakage
While it may not be feasible or desirable to prevent the disclosure of absolutely
any information that an attacker may find useful, there are various relatively
straightforward measures that can be taken to reduce information leakage to a
minimum and to withhold altogether the most sensitive data that can critically
undermine an application’s security if disclosed to an attacker.