htmlText, 232–233
TextField.htmlText, 232–233
Third-party scripts, 140
3DES (Triple DES), 129
Timestamps, 78–79
Time-to-live (TTL) value, 238
TinyURL, 47
Transport, of worms, 56
Triple DES (3DES), 129
Trust zones (IE), 202
TTL (time-to-live) value, 238
U
UAC (User Account Control), 246
UIPI (User Interface Privilege Isolation), 246
UID (user ID), 159
Unintended exposure, 164–166
in AJAX, 164–166
countermeasure, 165
Unintended method exposure:
Direct Web Remoting, 179–180
Google Web Toolkit, 182–183
SAJAX, 186
XAJAX, 184–185
Unmarking scripts, 205–207
Upstream traffic, 150–152
custom serialization, 152
HTTP Form POST, 150–151
HTTP GET, 150
JavaScript arrays, 151
JSON, 151
SOAP, 151–152
XML, 152
URL:
encoding, 50
hidden, 192
parsing, 244–245
shortening, 47
in Web 2.0 migration, 192
URL Command Attack, 76 (See also Cross-site request
forgery)
URL enumeration, 95–96
URL loading functions:
Cross-Site Scripting with, 233–234
XSF attacks with, 234–235
URL manipulation, 160
URL redirectors, 235
URLLoader class (Flash), 30, 224
URLRoot paths, 209
US-CERT, 236
User Account Control (UAC), 246
User authentication:
with cookies, 75
with Java, 9
with SQL, 5–6
User ID (UID), 159
User Interface Privilege Isolation (UIPI), 246
User-supplied data, 49
UTF-7 encodings:
as base for XSS, 50
Cross-Site Scripting, 50
HTML injections with, 42
prevention of, 50
V
Validation, input, 123??“124
VBScript, 27
VeriSign, 204
Viewstate, 128–132
countermeasures, 130
and CSRF, 130
decoding, 129
implementation of, 128–129
Visual Basic, 39
Visual Studio, 126
W
WCF (Windows Communication Foundation), 114
Web 1.