Net, 124–125
countermeasures for, 124–125
disabling, 124
DES (Data Encryption Standard), 129
Di Paola, Stefano, 233, 235
Digital ID file, 204
Direct Web Remoting (DWR), 154, 178–181
debug mode, 180–181
installation of, 179
unintended method exposure, 179–180
Directory traversal injection attacks, 11–14
DLL (dynamic link library), 200
DllGetClassObject, 209
DNS (see Domain Name System)
DNS rebinding, 237–241
Document Object Model (DOM), 72, 117
and AJAX, 72
JavaScript, 24
from XML, 117–118
Document Type Definitions (DTDs), 118
document.domain (JavaScript), 23, 24
Dojo Toolkit, 186–187
doLogin, 182
DOM (see Document Object Model)
domain (cookie), 26
Domain Name System (DNS), 202–203, 238
Domain property, 174
Domains, 49
“Dot Net” Framework (see .Net Framework)
Double dash (SQL), 5–6
Downstream traffic, 148–150
custom serialization, 150
JavaScript, 148??“149
JavaScript arrays, 149
JSON, 149
XML, 148
DropDownList, 126–127
DTDs (Document Type Definitions), 118
DWR (see Direct Web Remoting)
Dynamic content, 22
Dynamic link library (DLL), 200
E
E-commerce sites:
attacks on, 46
parameter manipulation attacks on, 159
shopping carts of, 159
E-mail, attacks on:
with cookies, 27–29, 79
with JavaScript, 84–85
mimicry, 46
and Same Origin Policy, 25–26
with XMLHTTP, 104
on Yahoo!, 103
Encoding:
Base64, 166
with JavaScript, 50
output, 125–126
Error messages:
ASP.