Net, 122
error messages, 7
escaping in, 8
user authentication with, 5–6
256 Hacking Exposed Web 2.0
SQL injection attacks, 8–10, 120–122
example, 4–6
on .Net Framework, 120–122
prevention of, 8–10
SqlCommand for, 121
SqlParameter class, 121–122
use of, 5
SQL Server 2005 (Microsoft), 120
SqlCommand, 120, 121
SqlConnection, 120
SqlParameter, 121–122
SSL (see Secure Sockets Layer)
SSL certificates, 140–141
SSL Middle Person attack, 244
SSL protections, 244
SSLv2, 244
Stall0wn3d, 45
Stateless protocols, 26
Stock pumping, 135–138
Stored attacks:
CSRF attacks, 80
on Flash applications, 226–227
HTML injections, 33, 37–41
finding, 37–41
security policy, 226–227
StoredProcedure, 122
Structured Query Language (see under SQL)
Style tags, 102
Sun Microsystems, 114
SWFs:
automatically generated, 236
controller, 236
Cross-Site Scripting in, 236
decompiled, 228–229
System information (.Net), 131–132
System.security.loadPolicyFile(), 225
System.xml namespace, 116, 118
T
TCP port 80, 97
TCP socket, 224
Testing:
of ActiveX controls, 212–214, 219
for AJAX, malicious, 106–107
automated, 18–19, 50–52, 106–107, 213–214
for Cross-Site Scripting, 50–52
for injection attacks, 18–19
TextArea.