
Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos

"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"

Technologies such as ActiveX and Flash have been around for a while,
but they are being used more and more in Web 2.0 applications. Lastly, newer attack classes,
such as cross-domain attacks, will be discussed. These attacks significantly increase the
attack surface as end users can be attacked on one domain by visiting another.
HOW THIS BOOK IS ORGANIZED
To ensure that the book covers as many topics as possible with Web 2.0 content, it is
divided into four different parts. In addition to the chapters within each part, a case study
is also included. The case study is used to show the practical application of each topic covered
in the chapters.
Part I
Part I begins with common injection attacks. This chapter discusses injection attacks that
have been around for a while, such as SQL injection, as well as new injection issues
prevalent in Web 2.0, such as XPath and XXE (XML eXternal Entity) attacks. XXE attacks
attempt to exploit RSS documents and feeds in web applications, a common theme in
Web 2.0. Chapter 2 discusses Cross-Site Scripting (XSS), which has been around for a
long while, but has evolved in Web 2.0. This chapter shows how to take the existing XSS
attack class and apply it to Web 2.

