Wiley.The.Web.Application.Hackers.Handbook02

Chapter 1: Web Application (In)security

"This Site Is Secure"

There is a widespread awareness that security is an issue for web applications. Consult the FAQ page of a typical application, and you will be reassured that it is in fact secure. For example:

"This site is absolutely secure. It has been designed to use 128-bit Secure Socket Layer (SSL) technology to prevent unauthorized users from viewing any of your information. You may use this site with peace of mind that your data is safe with us."

In virtually every case, web applications state that they are secure because they use SSL. Users are often urged to verify the site's certificate, admire the advanced cryptographic protocols in use, and, on this basis, trust it with their personal information.

In fact, the majority of web applications are insecure, and in ways that have nothing to do with SSL. The authors of this book have tested hundreds of web applications in recent years. Figure 1-3 shows the proportions of those applications tested during 2006 and 2007 that were found to be affected by some common categories of vulnerability. These are explained briefly below:

Broken authentication (67%): This category of vulnerability encompasses various defects within the application's login mechanism, which may enable an attacker to guess weak passwords, launch a brute-force attack, or bypass the login altogether.

Broken access controls (78%): This involves cases where the application fails to properly protect access to its data and functionality, potentially enabling an attacker to view other users' sensitive data held on the server, or carry out privileged actions.

SQL injection (36%): This vulnerability enables an attacker to submit crafted input to interfere with the application's interaction with back-end databases. An attacker may be able to retrieve arbitrary data from the application, interfere with its logic, or execute commands on the database server itself.

Cross-site scripting (91%): This vulnerability enables an attacker to target other .
