
Category: Web Hacking – Attacks and Defense

Appendix D. Source Code, File, and Directory Disclosure Cheat Sheet This appendix contains a list of all the major source code disclosure techniques discovered over the years. Many of them are specific to particular bugs in particular versions of software. Others are generic across platforms and have been known to reappear contrary to what the […]

Appendix E. Resources and Links This brief list of important resources and links to them will help you keep up to date with changes in the Web security field. Table E-1. Links and Resources Resource URL Packetstorm Security http://www.packetstormsecurity.org Security Focus http://www.securityfocus.com Securiteam http://www.securiteam.com New Order http://neworder.box.sk Computer Emergency Response Team (CERT) http://www.cert.org Rain Forest […]

Appendix F. Web-Related Tools You can use the following Web-related tools to perform Web application assessments. Table F-1. Web Related Tools Name URL Description Foundstone SuperScan http://www.foundstone.com Popular TCP port scanner, pinger, and resolver for the Microsoft Windows platform. Foundstone FScan http://www.foundstone.com Popular command line port scanner for the Microsoft Windows platform. Whisker http://www.wiretrip.net/rfp/ Popular […]

Summary Intrusion detection is far from a perfect science. Intrusion detection systems are meant to serve as an alerting system for security administrators. You cannot rely entirely on an IDS to detect all attacks directed at a network. Many vendors are selling IDS solutions that can proactively configure a firewall to block an attacker’s traffic […]

Appendix A. Web and Database Port Listing This list includes the ports on all the popular Web and database servers. You may need to refer to them from time to time as you read this book. Table A-1. HTTP/1.1 Methods and Field Definitions Web and Database Port Listing Port Server 66 Oracle SQL*Net 80 Hyper […]

Appendix B. HTTP/1.1 and HTTP/1.0 Method and Field Definitions These tables contain a nearly complete list of all the methods, requests, and header fields of typical HTTP/1.0 and HTTP/1.1 requests and responses. Table B-1. HTTP/1.1 Methods and Field Definitions Method Request Definition GET GET <Request-URI>?query_string HTTP/1.1r Host: <hostname or IP address of host>r r The […]

Appendix C. Remote Command Execution Cheat Sheet This table provides a handy list of techniques that can be used for remote command execution, by language. Table C-1. Remote Command Execution Cheat Sheet Web Application Environment Source Code Additional Information Java Servlet class Example extends HTTPServlet{ . . . void function() {Runtime r = Runtime.getRuntime();Process p […]

Generating False Positives False positives can be generated in an IDS in many different ways. One way is by sending data that contain strings that match the patterns in the IDS’s signature table, yet the data don’t form an attack. Consider these three URLs: · http://192.168.7.203/index.html#cmd.exe · http://192.168.7.203/index.html?dummyparam=xp_cmdshell · http://192.168.7.203/cgi-bin/print.cgi?page=3&dummyparam=cat+/etc/passwd The first URL has a […]

Potential Countermeasures Marcus Ranum, founder of NFR, Inc., delivered a talk at the Blackhat Briefings 1999 on building “burglar alarms” and “booby traps.” He mentioned that the best defense is to build a proper perimeter security and to lock down each system individually. However, to ensure that the perimeter or system security isn’t breached, a […]

Introduction In modern warfare, attacks occur in a very short period of time. The ability to thwart and repel an attack depends greatly on how early it can be detected. Radar, satellites, and other monitoring and surveillance systems are regularly used to detect any hostile activity. However, even in warfare, intrusion detection isn’t 100% accurate. […]

IDS Accuracy Accuracy in reporting is a critical issue for intrusion detection systems. Accuracy errors fall into two categories: false positives and false negatives. On the one hand, a false positive occurs when an activity is reported as an attack, while in reality it isn’t an attack. On the other hand, a false negative occurs […]

Getting Past an IDS To get attack data past an IDS without being detected, an attacker needs to study how IDSs work and identify the weaknesses of each IDS component. Every IDS relies on a sniffer and a signature analysis engine. The easiest way to bypass them is to send encrypted data, which eventually would […]

Secure Hacking—Hacking Over SSL In most e-commerce applications, sensitive traffic is usually sent over SSL. It provides an encrypted connection between the Web browser and the Web server, keeping data in transit safe from eavesdroppers. The sole purpose of SSL was to defeat packet sniffing, which allowed malicious eavesdroppers to recover sensitive information from data […]

Polymorphic URLs The word polymorphic means an object having many forms. We coined the term polymorphic URLs to refer to URLs that relate to the same resource but are written in many different ways. In Chapter 3 we discussed the structure of URLs and how characters not allowed in the URL character set can be […]

Introduction The year 2001 should be named The Year of the Worm—the computer worm. Despite its name, a computer worm is much like a replicating, resource-starving virus that can bring down even the largest of computer systems. As defined by www.webopedia.com, a worm is: A program or algorithm that replicates itself over a computer network […]
