Apache Security - Ivan Ristic [231]
injection attacks, Injection Flaws, SQL Injection, Cross-Site Scripting, Command Execution, Code Execution, Preventing Injection Attacks
code execution, Code Execution
command execution, Command Execution
preventing, Preventing Injection Attacks
scripting, XSS, Cross-Site Scripting
SQL, SQL Injection
learning environments, Learning Environments, WebMaven, WebGoat
WebGoat, WebGoat
WebMaven, WebMaven
null-byte attacks, Null-Byte Attacks
PHP safe mode, Setting Safe Mode Options
resources, Web Application Security Resources
session management attacks, Session Management Attacks, Cookies, Session Management Concepts, Session Tokens, Session Attacks, Brute-force attacks, Good Practices
concepts, Session Management Concepts
cookies, Cookies
design flaw example, Brute-force attacks
good practices, Good Practices
session tokens, Session Tokens
sessions, attacks on, Session Attacks
sessions, Increasing Session Security
directory for, not shared, Increasing Session Security
tools, Web Application Security Tools, Paros, Commercial Web Security Tools
commercial, Commercial Web Security Tools
Paros, Paros
WebScarab, Web Application Security Tools
web applications, Application Logs, Application Isolation Strategies, Isolating Applications from Servers, Isolating Application Modules, Utilizing Virtual Servers, Integration reverse proxy, Application Logic Flaws, Cookies and Hidden Fields, POST Method, Referrer Check Flaws, Process State Management, Client-Side Validation, Evolution of Web Intrusion Detection
integration with reverse proxies, Integration reverse proxy
isolation strategies, Application Isolation Strategies, Isolating Applications from Servers, Isolating Application Modules, Utilizing Virtual Servers
modules, Isolating Application Modules
from servers, Isolating Applications from Servers
virtual servers, Utilizing Virtual Servers
logic flaws, Application Logic Flaws, Cookies and Hidden Fields, POST Method, Referrer Check Flaws, Process State Management, Client-Side Validation
client-side validation, Client-Side Validation
cookies, Cookies and Hidden Fields
hidden fields, Cookies and Hidden Fields
POST method, POST Method
process state management, Process State Management
real-life example, Referrer Check Flaws
referrer check, Referrer Check Flaws
logs, Application Logs
WAFs, Evolution of Web Intrusion Detection
Web Distributed Authoring and Versioning, Limiting request methods (see WebDAV)
web of trust identity verification, Web of trust
web security assessment, Web Security Assessment, Black-Box Testing, White-Box Testing, Gray-Box Testing, Web Security Scanners, Nikto, Nessus
administrator responsibility, Web Security Assessment
black-box testing, Black-Box Testing (see testing, black-box)
gray-box testing, Gray-Box Testing
security scanners, Web Security Scanners, Nikto, Nessus
Nessus, Nessus
Nikto, Nikto
white-box testing, White-Box Testing (see testing, white-box)
web server tree, Folder Locations
web servers, Web Server Status, Fetching and storing statistics, Graphing, Using the scripts, mod_watch, Web Server Analysis, Testing SSL, Identifying the web server, Identifying the application server, Examining default locations, Probing for common configuration problems, Examining responses to exceptional requests, Probing for known vulnerabilities, Enumerating applications, Reviewing the web server configuration
analysis, Web Server Analysis, Testing SSL, Identifying the web server, Identifying the application server, Examining default locations, Probing for common configuration problems, Examining responses to exceptional requests, Probing for known vulnerabilities, Enumerating applications, Reviewing the web server configuration