Scribd
Upload
64 views

Web Attack

This document discusses various topics related to HTTP including session management, cookies, access control, headers, authentication methods, encoding schemes, and common vulnerabilities like SQL injection, cross-site scripting, and session hijacking. It also mentions PUT and GET methods, REST, and tools/technologies like servlets, ColdFusion, Ruby on Rails, and content management systems.

Uploaded by

Dron patel
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
64 views

Web Attack

This document discusses various topics related to HTTP including session management, cookies, access control, headers, authentication methods, encoding schemes, and common vulnerabilities like SQL injection, cross-site scripting, and session hijacking. It also mentions PUT and GET methods, REST, and tools/technologies like servlets, ColdFusion, Ruby on Rails, and content management systems.

Uploaded by

Dron patel
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 5

Http.

Session management.

Http cookies.

Handling user access.

How token are generated.

Access control.

SOAP service

SMTP injection

Canonicalization

Saitization

Error handling

User agent

host header

cookie header

pragma header

Content-Type header

Content-Length header

Allow header

Put and get method

Trace in http

Head functions

Arbitrary script

Rerefer header

User-agent header

Representational state transfer (REST)

General Headers
connection

content-encoding

content-length
content-type

transfer-encoding

REQUEST HEADERS
Accept

accept-encoding

authorization

cookie

host

if-modified-since

if-none-match

origin

referer

user-agent

RESPONSE HEADERS
access-control-allow-origin

cache-control

etag

expires

location

pragma

server

set-cookie

www-authenticate

x-frame-option

If-None-Match header

---------------------------------

Connect method
HTTP AUTHENTICATION
 Basic
 NTLM
 Digest
Document Type Definition (DTD)
Web Services Description Language (WSDL)
redir parameter
Web 2.0
Different types of encoding systems
Naming scheme
Review of client and server-side code.
Java applet
ActiveX
Flash
Content management system (CMS)
Discover about hidden parameter in URL
Learn about parameters (request parameter, etc)
HTTP header
Out-of-band channel

servlet — Java servlets


n pls — Oracle Application Server PL/SQL
gateway
n cfdocs or cfide — Cold Fusion
n Silverstream — The Silverstream web server
n WebObjects or {function}.woa — Apple
WebObjects
n rails — Ruby on Rails
JSESSIONID — The Java Platform
n ASPSESSIONID — Microsoft IIS server
n ASP.NET_SessionId — Microsoft ASP.NET
n CFID/CFTOKEN — Cold Fusion
n PHPSESSID — PHP
Obfuscation scheme
Database interaction — SQL injection
File uploading and downloading — Path traversal
vulnerabilities, stored
Client-side validation — Checks may not be replicated on the
server
cross-site scripting
Display of user-supplied data — Cross-site scripting
Dynamic redirects — Redirection and header injection
attacks
Social networking features — username enumeration,
stored cross-site
scripting
Login — Username enumeration, weak passwords, ability to
use brute
force
Multistage login — Logic flaws
Session state — Predictable tokens, insecure handling of
tokens
Access controls — Horizontal and vertical privilege escalation
User impersonation functions — Privilege escalation
Use of cleartext communications — Session hijacking,
capture of credentials
and other sensitive data
Off-site links — Leakage of query string parameters in the
Referer
header
Interfaces to external systems — Shortcuts in the handling
of sessions
and/or access controls
Error messages — Information leakage
E-mail interaction — E-mail and/or command injection
Native code components or interaction — Buffer overflows
Use of third-party application components — Known
vulnerabilities
Identifiable web server software — Common configuration
weaknesses, known software bugs
Base 64 encoding-decoding

You might also like