We've provided a brief overview of each chapter below. Check back frequently
as we add more!
1: Hacking Web Apps 101
In this chapter, we take a 50,000-foot aerial view of web application
hacking tools and techniques. Buckle your seatbelt, Dorothy, because Kansas
is going bye-bye.
The first step in any methodology is often one of the most critical, and
profiling is no exception. This chapter illustrated the process of reconnaissance
in prelude to attacking a web application and its associated infrastructure.
3: Hacking Web Platforms
No application can be secured if it's built on a web platform that's full
of security holes - this chapter describes attacks, detection evasion
techniques, and countermeasures for the most popular web platforms, including
IIS, Apache, PHP, and ASP.NET.
4: Attacking Web Authentication
This chapter covers attacks and countermeasures for common web authentication
mechanisms, including password-based, multi-factor (e.g. SecureID, Passmark,
CAPTCHA) and online authentication services like Passport.
5: Attacking Web Authorization
See how to excise the heart of any Web application's access controls through
advanced session analysis, hijacking, and fixation techniques.
6: Input Injection Attacks
Brackets and quotes and dashes, oh my! From cross-site scripting to SQL
injection, the essence of most web attacks is unexpected application input.
In this chapter, we review the classic categories of malicious input,
from overlong input (like buffer overflows) to canonicalization attacks
(like the infamous dot-dot-slash), and reveal the metacharacters that
should always be regarded with suspicion (including angle brackets, quotes,
single quote, double dashes, percent, asterisk, underscore, newline, ampersand,
pipe, and semicolon), beginner-to-advanced SQL injection tools and techniques,
plus stealth-encoding techniques and input validation/output encoding
7: Attacking XML-Web Services
8: Attacking Web Application Management
Don't drop the SOAP, because this chapter will reveal how web services
vulnerabilities are discovered and exploited through techniques including
WSDL disclosure, input injection, external entity injection, and XPath
If the front door is locked, try the back! This chapter reveals the most
common web application management attacks against remote server management,
web content management/authoring, admin misconfigurations, and developer-driven
9: Hacking Web Clients
Did you know that your web browser is actually an effective portal through
which unsavory types can enter directly into your homes and offices? Take
a tour of the nastiest Firefox and IE exploits around, and then follow
our "10 Steps to a Safer Internet Experience" (along with dozens
of additional countermeasures) so you can breathe a little easier when
10: The Enterprise Web Application
Go behind-the-scenes to see our white/grey-box web security testing methodology
and how it integrates into the web application development lifecycle,
this chapter takes a brief departure from zero-knowledge/black-box analysis
to explain the advantages of a robust full-knowledge/white-box web application
security assessment methodology, including threat modeling, code review,
dynamic web application scanning, security testing, and integrating security
into the overall web application development lifecycle and IT operations.
This chapter is aimed at IT operations and development staff for medium-to-large
enterprises who need to implement our web application assessment methodology
so it is scaleable, consistent, and delivers acceptable return on investment.
A: Web Site Security Checklist
B: Web Hacking Tools & Techniques Cribsheet