
Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos

"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"

1), 22, 26, 81
252 Hacking Exposed Web 2.0
I
I Love You (worm), 103
ICMP (Internet Control Message Protocol), 97
IDE (integrated development environment), 190
IE 7 (see Internet Explorer 7)
IE trust zones, 202
iFrames:
in cross-domain actions, 72–73, 82
and Same Origin Policy, 73
and Web pages, 73
IIS (Microsoft), 181
Images:
in cross-domain actions, 73
in Flash applications, 232, 233
HTML injection attacks using, 42–43
for SSL certificates, 140–141
storing, 73
XSS using, 101
img (HTML), 97
Injection attacks, 4–20
automated testing for, 18–19
buffer overflows, 16–17
case study, 55–66
choosing code for, 7–17
command, 10–12
directory traversal, 11–14
example, 4–6
and iSEC's SecurityQA Toolbar, 18–19, 50–52
LDAP, 15–17
on MySpace, 55–66
and open-source programs, 8
performing, 4
prevention of, 8–12
SQL, 8–10
testing for, 18–19
XPath, 8, 10–11
XXE, 13–16
Inline frames, 82 (See also iFrames)
Input filtering, 99
Input validation, 123–124
ASP.Net, 123–124
bypassing, 123–124
countermeasure, 124
in Flash applications, 236
Instant messaging, 46
Instructions, 4
Integrated development environment (IDE), 190
Internal Server API (ISAPI), 132
Internet Control Message Protocol (ICMP), 97
Internet Explorer (IE) 7, 243–246
ActiveX controls in, 207–208, 219–222
ActiveX Opt-In feature, 219, 243–244
cab files in, 243
cross-domain protection in, 245
JavaScript in, 39
line breaks in, 55–56
MIME type mismatch in, 48
phishing filter in, 245–246
Protected Mode, 246
and SAMY worm, 50
security zones, 245
SSL protections in, 244
URL parsing in, 244–245
Interprocess communications (IPC), 198
IObjectSafety method, 205
IPC (interprocess communications), 198
ISAPI (Internal Server API), 132
iSEC Partners:
and cryptographic tokens, 86
SecureCookies tool, 174–176
SecurityQA Toolbar, 18–19, 50–52, 213–214
and URL enumeration, 95
IsValid property, 124
J
Java (Sun Microsystems), 114
and ActiveX, 200
anti-DNS Pinning in, 241
and GWT, 190
user authentication with, 9
XPath injection in, 10
JavaScript:
ActionScript vs.

