
Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos

"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"

Net, 123–128, 153
and Cross-Site Scripting, 123–128
default page validation, 124–125
error pages, 131
form control properties, 126–127
input validation, 123??“124
and Microsoft, 125
output encoding, 125–126
and SQL, 122
Viewstate, 128–132
and web services attacks, 132–134
ASP.Net AJAX (Microsoft Atlas), 153
Asynchronous JavaScript and XML (see AJAX)
Atlas (ASP.Net AJAX), 153
Authentication (see specific types, e.g.: User authentication)
Automated testing:
of ActiveX controls, 213–214
for AJAX, malicious, 106–107
for Cross-Site Scripting, 50–52
for injection attacks, 18–19
Automatic Website Checking, 246
Automatically generated SWFs, 236
Axenum (axfuzz), 214–217
AxMan, 217??“219
B
Banking systems, 46
Banner ads, 73
Base64 encoding, 99, 166, 167
BeEF browser exploitation, 91–94
BeEF proxy, 91–94
Berners-Lee, Tim, 74
Blaster (worm), 103
Blog applications, 104
“Boiler Rooms,” 135
Browser authentication, 76
Browser plug-ins, 52
Buffer overflows, 16–17, 208, 219
in C, 17, 208
in C++, 208
injection attacks, 16–17
on local machines, 17
prevention of, 17
on remote machines, 17
Bugs, 76
Burns, Jesse, 86, 181
Bypass input filters, 99–103
C
C#, 10, 115, 116
C (programming language):
and buffer overflows, 17
buffer overflows in, 208
in C++, 17
Cabinet (cab) files:
and ActiveX, 204
and IE, 243
Cascading Style Sheets (CSS), 95, 97
CERN, 74
CGI, shell-based, 10
Chat applications, 46
Class identifier (CLSID), 201, 205, 207
clickTAG (Flash variable), 231
Client frameworks, 178
Client-server proxy, 146–147
Client-side rendering, 147
CLR (Common Language Runtime), 114
CLSID (see Class identifier)
CoCreateInstance, 209
COM (see Component Object Model)
Command injection attacks, 10–12
Common Language Runtime (CLR), 114
CompareValidator, 123
Component Object Model (COM), 198, 205, 214
connectToRouter(), 240
Controller SWFs, 236
Cookie flags, 173–176
HTTPOnly flag, 173
Secure flag, 173
Cookie security model, 26–29
conflicting, 27
JavaScript for, 28
parsing, 28, 29
protecting, 29
and Same Origin Policy, 28
Cookies, 166–176
and AJAX, 166–176
and Cross-Site Scripting, 44
and CSRF, 76
Domain property of, 174
e-mail attacks with, 27–29, 79
in Flash applications, 43
generation schemes, 166–173
and JavaScript, 27
Path property of, 174
and RFC 2109, 26
risk of, 76
and SecureCookies tool, 174–176
security controls for, 26??“27
session authentication with, 79
for session identification, 166
site-specific items, 174
and SSL, 28
stealing, 44, 89
user authentication with, 75
and VBScript, 27
web application attacks using, 79
XSS vs.