12.3 Hacking Methodology

Web App Hacking Methodology - Footprint Web Infrastructure

  • Web infrastructure footprinting is the first step in web application hacking; it helps attackers to select victims and identify vulnerable web applications.
  • Server Discovery: Discover the physical servers that hosts web application.
  • Service Discovery: Discover the services running on web servers that can be exploited as attack paths for web app hacking.
  • Server Identification: Grab server banners to identify the make and version of the web server software.
  • Hidden Content Discovery: Extract content and functionality that is not directly linked or reachable from the main visible content.

Foorprint Web Infrastructure: Server Discovery

  • Server discovery gives information about the location of servers and ensures that the target server is alive on Internet.
  • Whois Lookup: Whois lookup utility gives information about the IP address of web server and DNS names
  • DNS Interrogation: DNS interrogation provides information about the location and type of servers
  • Port Scanning: Port Scanning attempts to connect to a particular set of TCP or UDP ports to find out the service that exists on the server.
    1. Scan the target web server to identify common ports that web servers use for different services.
    2. Tools used for service discovery:
      • Nmap
      • NetScan Tools Pro
      • Sandcat Browser
    3. Identified services act as attack paths for web application hacking.
Port Typical HTTP Services
80 World Wide Web standard port
81 Alternate WWW
88 Kerberos
443 SSL (https)
900 IBM Websphere administration client
2301 Compaq Insight Manager
2381 Compaq Insight Manager over SSL
4242 Microsoft Application Center Remote management
7001 BEA Weblogic
7002 BEA Weblogic over SSL
7070 Sun Java Web Server over SSL
8000 Alternate Web server, or Web cache
8001 Alternate Web server or management
8005 Apache Tomcat
9090 Sun Java Web Server admin module
10000 Netscape Administrator interface

Port scan

Foorprint Web Infrastructure: Server Identification/Banner Grabbing

  • Analyze the server response header field to identify the make, model and version of the web server software.
  • Syntax: C:\telnet Website URL or IP address 80
  • Run command s_client -host [target website] -port 443
    • openssl.exe
  • Type GET / HTTP/1.0 to get the server information
  • Banner Grabbing Tools:
    • Telnet
    • Netcat
    • ID Serve
    • Netcraft

Detecting Web App Firewalls and Proxies on Target Site (?)

  • Detecting Proxies:
    • Determine whether your target site is routing your requests through a proxy servers.
    • Proxy servers generally add certain headers in the response header field.
    • Use TRACE method of HTTP/1.1 to identify the changes the proxy server made to the request.
  1. The trace command sends a request to the web server, asking it to send back the request.
  2. If the web server is present before a proxy server, and when an attacker sends a request using the trace command, the proxy modifies this request (by adding some headers) and forwards it to the target web server.
  3. When the web server bounces back the request to the attacker's machine, the attacker compares both requests and analyzes the changes made to it by the proxy server.
  • Detecting Web App Firewall:
    • Web Application Firewall (WAF) prevents web application attack by analyzing HTTP traffic.
    • Determine whether your target site is running web app firewall in front of an web application.
    • Check the cookies response of your request because most of the WAFs add their own cookie in the response.
    • Use WAF detection tools such as WAFW00F to find which WAF is running in front of application.
  • View the HTTP request cookie
  • Analyze the HTTP header request

Footprint Web Infrastructure: Hidden Content Discovery

  • Discover the hidden content and functionality that is not reachable from the main visible content to exploit user privileges within the application.
  • It allows an attacker to recover backup copies of live files, configuration files and log files containing sensitive data, backup archives containing snapshots of files within the web root, new functionality which is not linked to the main application, etc.
  • Web Spidering:
    • Web spiders automatically discover the hidden content and functionality by parsing HTML form the client-side JavaScript requests and responses.
    • Web Spidering Tools:
      • OWASP Zed Attack Proxy
      • Burp Suite
      • WebScarab
  • Attacker-Directed Spidering:
    • Attacker accesses all of the application's functionality and uses an intercepting proxy to monitor all requests and responses.
    • The intercepting proxy parses all of the application's responses and reports the content and functionality it discovers.
    • Tool: OWASP Zed Attack Proxy
  • Brute-Forcing:
    • Use automation tools such as Burp Suite to make huge numbers of requests to the web server in order to guess the names or identifiers of hidden content and functionality.

Web Spidering Using Burp Suite (重要)

  • Configure yourweb browser to use Burp as a local proxy.
  • Access the entire target application visiting every single link/URL possible, and submit all the application forms available.
  • Browse the target application with JavaScript enabled and disabled, and with cookies enabled and disabled.
  • Check the site map generated by the Burp proxy, and identify any hidden application content or functions.
  • Continue these steps recursively until no further content or functionality is identified.

Web Crawling Using Mozenda Web Agent Builder

  • Mozenda Web Agent Builder crawls through a website and harvests pages of information.
  • The software support logins, result index, AJAX, borders, and others.
  • The extracted data can be accessed online, exported and used through an API.

Web App Hacking Methodology - Attack Web Servers

  • After identifying the web server environment, scan the server for known vulnerabilities using any web server vulnerability scanner.
  • Launch web server attack to exploit identified vulnerabilities.
  • Tools used:
    • UrlScan
    • Nikto
    • Nessus
    • Acunetix Web Vulnerability
    • WebInspect
  • Launch Denial-of-Service (DoS) against web server.
    • DoSHTTP, Hping, Loci and Xoic, SYN Flooding, Slowloris, DRDos.

Web Server Hacking Tool: WebInspect

  • WebInspect identifies security vulnerabilities in the web applications.
  • It runs interactive scans using a sophisticated user interface.
  • Attacker can exploit identified vulnerabilities to carry out web services attacks.

Web App Hacking Methodology - Analyze Web Applications

  • Analyze the active application's functionality and technologies in order to identify the attack surfaces that it exposes.
  • Identify Entry Points for User Input: Review the generated HTTP request to identify the user input entry points.
  • Identify Server-Side Functionality: Observe the applications revealed to the client to identify the server-side structure and functionality.

Common Gateway Interface (CGI)

  • Identify Server-Side Technologies: Fingerprint the technologies active on the server using various fingerprint techniques such as HTTP fingerprinting.

ASP, ASP.NET, ColdFusion, JSP, PHP, Python, and Ruby on Rails.

  • Map the Attack Surface: Identify the various attack surfaces uncovered by the applications and the vulnerabilities that are associated with each one.

Analyze Web Applications: Identify Entry Points for User Input

  • Examine URL, HTTP Header, query string parameters, POST data, and cookies to determine all user input fields.
  • Identify HTTP header parameters that can be processed by the application as user inputs such as User-Agent, Referer, Accept, Accept-Language, and Host headers.
  • Determine URL encoding techniques and other encryption measures implemented to secure the web traffic such as SSL.
  • Tools used:
    • Burp Suite
    • HttPrint
    • WebScarab
    • OWASP Zed Attack Proxy

Analyze Web Applications: Identify Server-Side Technologies

  • Perform a detailed server fingerprinting, analyze HTTP headers and HTML source code to identify server side technologies.
  • Examine URLs for file extensions, directories, and other identification information.
  • Examine the error page messages.
  • Examine session tokens:
    • JSESSIONID - Java
    • ASPSESSIONID - IIS server
    • ASP.NET_SessionId - ASP.NET
    • PHPSESSID - PHP
  • Firefox addon: Wappalyzer
  • Kali: whatweb -v [URL]

Analyze Web Applications: Identify Server-Side Functionality

  • Examine page source and URLs and make an educated guess to determine the internal structure and functionality of web applications.
  • Tools used:
    • GUN Wget
    • Teleport Pro
    • BlackWidow
  • Examine URL:
    • https://www.juggyboy.com/customers.aspx?name=existing%20clients&isActive=O&startDate=20%2F11%2F2010&endDate=20%2F05%2F2011&showBy=name
      • https: SSL
      • aspx: ASPX | Platform
      • startDate, endDate, showBy: Database Column

Analyze Web Applications: Map the Attack Surface

Information Attack Information Attack
Client-Side Validation Injection Attack, Authentication Attack Injection Attack Privilege Escalation, Access Controls
Database Interaction SQL Injection, Data Leakage Cleartext Communication Data Theft, Session Hijacking
File Upload and Download Directory Traversal Error Message Information Leakage
Display of User-Supplied Data Cross-Site Scripting Email Interaction Email Injection
Dynamic Redirects Redirection, Header Injection Application Codes Buffer Overflows
Login Username Enumeration, Password Brute-Force Third-Party Application Known Vulnerabilities Exploitation
Session State Session Hijacking, Session Fixation Web Server Software Known Vulnerabilities Exploitation

Web App Hacking Methodology - Attack Authentication Mechanism

  • Attackers can exploit design and implementation flaws in web applications, such as failure to check password strength or insecure transportation of credentials, to bypass authentication mechanisms.
  • User Name Enumeration:
    • Verbose failure messages
    • Predictable user names
  • Cookie Exploitation:
    • Cookie poisoning
    • Cookie sniffing
    • Cookie replay
  • Session Attacks:
    • Session prediction
    • Session brute-forcing
    • Session poisoning
  • Password Attacks:
    • Password functionality exploits
    • Password guessing
    • Brute-force attack

User Name Enumeration

  • If login error states which part of the user name and password is not correct, guess the users of the application using the trial-and-error method.
  • Some applications automatically generate account user names based on a sequence (such as user101, user102, etc.), and attackers can determine the sequence and enumerate valid user names.
  • Note: User name enumeration from verbose error messages will fail if the application implements account lockout policy i.e., locks account after a certain number of failed login attempt.

Password Attacks: Password Functionality Exploits

  • Password Changing:
    • Determine password change functionality within the application by spidering the application or creating a login account.
    • Try random strings for 'Old Password', 'New Password', and 'Confirm the New Password' fields and analyze errors to identify vulnerabilities in password change functionality.
  • Password Recovery:
    • Forgot Password' features generally present a challenge to the user; if the number of attempts is not limited, attacker can guess the challenge answer successfully with the help of social engineering.
    • Applications may also send a unique recovery URL or existing password to an email address specified by the attacker if the challenge is solved.
  • "Remember Me" Exploit:
    • "Remember Me" functions are implemented using a simple persistent cookie, such as RememberUser=jason or a persistent session identifier such as RememberUser=ABY112010.
    • Attackers can use an enumerated user name or predict the session identifier to bypass authentication mechanisms.

Password Attacks: Password Guessing

  • Password List: Attackers create a list of possible passwords using most commonly used passwords, footprinting target and social engineering techniques, and try each password until the correct password is discovered.
  • Password Dictionary: Attackers can create a dictionary of all possible passwords using tools such as Dictionary Maker to perform dictionary attacks.
  • Tools: Password guessing can be performed manually or using automated tools such as WebCracker, Brutus, Burp Intruder, THC-Hydra,etc.

Password Attacks: Brute-forcing

  • In brute-forcing attacks, attackers crack the log-in passwords by trying all possible values from a set of alphabets, numeric, and special characters.
  • Attackers can use password cracking tools such as Burp Suite, Brutus, and SensePost Crowbar.

Session Attacks: Session ID Prediction/Brute-Forcing

  1. In the first step, the attacker collects some valid session ID values by sniffing traffic from authenticated users.
  2. Attackers then analyze captured session IDs to determine the session ID generation process such as the structure of session ID, the information that is used to create it, and the encryption or hash algorithm used by the application to protect it.
  3. Vulnerable session generation mechanisms that use session IDs composed by user name or other predictable information, like timestamp or client IP address, can be exploited by easily guessing valid session IDs.
  4. In addition, the attacker can implement a brute force technique to generate and test different values of session ID until he successfully gets access to the application.
  • If the cookie contains passwords or session identifiers, attackers can steal the cookie using techniques such as script injection and eavesdropping.
  • Attackers then replay then cookie with the same or altered passwords or session identifiers to bypass web application authentication.
  • Attackers can trap cookies using tools such as OWASP Zed Attack Proxy, Burp Suite, etc.

Web App Hacking Methodology - Attack Authorization Schemes

Authorization Attack

  • Attackers manipulate the HTTP requests to subvert the application authorization schemes by modifying input fields that relate to user ID, user name, access group, cost, filenames, file identifiers, etc.
  • Attackers first access web application using low privileged account and then escalate privilege to access protected resources.
  • Attackers use sources such as the following to perform authorization attacks:
    • Parameter Tampering
    • POST Data
    • Uniform Resource Identifier
    • HTTP Headers
    • Cookies
    • Hidden Tags
  • 掃dir: dirb
  • 塞進入點: wfuzz
  • Payload: fuzzdb, seclists

HTTP Request Tampering

  • Query String Tampering:
    • If the query string is visible in the address bar on the browser, the attacker can easily change the string parameter to bypass authorization mechanisms.
      • http://www.juggyboy.com/mail.aspx?mailbox=john&company=acme%20com
      • https://juggyshop.com/books/download/852741369.pdf
      • https://juggybank.com/login/home.jsp?admin=true
    • Attackers can use web spidering tools such as Burp Suite to scan the web app for POST parameters.
  • HTTP Headers: (?)
    • If the application uses the Referer header for making access control decisions, attackers can modify it to access protected application functionalities.
      GET http://juggyboy:8180/Application/Download?ItemID=201 HTTP/1.1
      Host: janaina:8180
      ...
      Referer: http://juggyboy:8180/Application/Download?Admin=False
      
    • ItemID=201 is not accessible as Admin parameter is set to false, attacker can change it to true and access protected items.
  • In the first step, the attacker collects some cookies set by the web application and analyzes them to determine the cookie generation mechanism.
  • The attacker then traps cookies set by the web application, tampers with its parameters using tools, such as OWASP Zed Attack Proxy, and replay to the application.

Web App Hacking Methodology - Attack Session Management Mechanism

Session Management Attack

  • Attackers break an application's session management mechanism to bypass the authentication controls and impersonate privileged application users.
  • Session Token Generation:
    • Session Tokens Prediction
    • Session Tokens Tampering
  • Session Tokens Handling:
    • Man-In-The-Middle Attack
    • Session Replay
    • Session Hijacking

Attacking Session Token Generation Mechanism

  • Weak Encoding Example:
    • https://www.juggyboy.com/checkout?SessionToken=%75%73%65%72%3D%6A%61%73%6F%6E%3B%61%70%70%3D%61%64%6D%69%6E%3B%64%61%74%65%3D%32%33%2F%31%31%2F%32%30%31%30
    • When hex-encoding of an ASCII string user=jason;app=admin;date=23/11/2010, the attacker can predict another session token by just changing date and use it for another transaction with server.
  • Session Token Prediction:
    • Attackers obtain valid session token by sniffing the traffic or legitimately logging into application and analyzing it for encoding (hex-encoding, Base64) or any pattern.
    • If any meaning can be reverse engineered from the sample of session tokens, attackers attempt to guess the tokens recently issued to other application users.
    • Attackers then make a large number of requests with the predicted tokens to a session-dependent page to determine a valid session token.

Attacking Session Tokens Handling Mechanism: Session Token Sniffing

  • Attackers sniff the application traffic using a sniffing tool such as Wireshark or an intercepting proxy such as Burp. If HTTP cookies are being used as the transmission mechanism for session tokens and the secure flag is not set, attackers can replay the cookie to gain unauthorized access to application.
  • Attacker can use session cookies to perform session hijacking, session replay, and Man-in-the-Middle attacks.

Web App Hacking Methodology - Perform Injection Attacks

Injection Attacks/Input Validation Attacks (?)

  • In injection attacks, attackers supply crafted malicious input that is syntactically correct according to the interpreted language being used in order to break application's normal intended.
  • Web Scripts Injection: If user input is used into dynamically executed code, enter crafted input that breaks the intended data context and executes commands on the server.
  • OS Commands Injection: Exploit operating systems by entering malicious codes in input fields if applications utilize user input in a system-level command.
  • SMTP Injection: Injection arbitrary SMTP commands into application and SMTP server conversation to generate large volumes of spam email.
  • SQL Injection: Enter a series of malicious SQL queries into input fields to directly manipulate the database.
  • LDAP Injection: Take advantage of non-validated web application input vulnerabilities to pass LDAP filters to obtain direct access to databases.
  • XPath Injection: Enter malicious strings in input fields in order to manipulate the XPath query so that it interferes with the application's logic.
  • Buffer Overflow: Injections large amount of bogus data beyond the capacity of the input field.
  • Canonicalization: Manipulate variables that reference files with "dot-dot-slash (../)" to access restricted directories in the application.

Web App Hacking Methodology - Attack Data Connectivity (?)

  • Database connection strings are used to connect applications to database engines.
  • Example of a common connection string used to connect to a Microsofl SQL Server database: "Data Source=Server, Port; Network Library=DBMSSOCN; Initial Catalog=DataBase; User ID=Username; Password=pwd;"
  • Database connectivity attacks exploit the way applications connect to the database instead of abusing database queries.
  • Data Connectivity Attacks:

    • Connection String Injection: A delegated authentication environment in which attackers inject parameters in a connection string by appending them with the semicolon. This can occur when dynamic string concatenation is used to build connection strings according to user input.
    • Connection String Parameter Pollution (CSPP) Attacks: Attackers overwrite parameters values in the connection string.
    • Connection Pool DoS: Attackers examine the connection pooling settings of the target application, construct a large malicious SQL query, and run multiple queries simultaneously to consume all connections in the connection pool, in turn causing database queries to fail for legitimate users.
  • 前提:DB <---Conncetion String (Dynamic)---> Web AP

Connection String Injection (?)

  • In a delegated authentication environment, the attacker injects parameters in a connection string by appending them with the semicolon (;) character.
  • A connection string injection attack can occur when a dynamic string concatenation is used to build connection strings based on user input.
  • Before Injection:
    • "Data Source=Server, Port; Network Library=DBMSSOCN; Initial Catalog=DataBase; User ID=Username; Password=pwd;"
  • After Injection:
    • "Data Source=Server, Port; Network Library=DBMSSOCN; Initial Catalog=DataBase; User ID=Username; Password=pwd;Encryption=off"
  • When the connection string is populated, the Encryption value will be added to the previously configured set of parameters.

The attacker parses the connection string by using a "last one wins" algorithm, and substitutes the hostile input for a legitimate value.

Connection String Parameter Pollution (CSPP) Attacks (?)

  • In CSPP attacks, attackers overwrite parameter values in the connection string.
  • Hash Stealing:
    • Attacker replaces the value of Data Source parameter with that of a Rogue Microsoft SQL Server connected to the Internet running a sniffer.
    • Data source = SQL2005; initial catalog = db1; integrated security=no; user id =;Data Source=Rogue Server;Password=;Integrated Security=true;

      the paremeters "Data Source" and "Integrated Security" are overwritten.

    • Attacker will then sniff Windows credentials (password hashes) when the application tries to connect to Rogue_Server with the Windows credentials it's running on.
  • Port Scanning:
    • Attacker tries to connect to different ports by changing the value and seeing the error messages obtained.
    • Data source = SQL2005; initial catalog = db1; integrated security=no; user id =;Data Source=Target Server, Target Port=443;Password=;Integrated Security=true;

      the connection string will take the last set "Data Source" parameter; the web application will try to connect to "Target Port" on the "Target Server" machine.

  • Hijacking Web Credentials:
    • Attacker tries to connect to the database by using the Web Application System account instead of a user-provided set of credentials.
    • Data source = SQL2005; initial catalog = db1; integrated security=no; user id =;Data Source=Target Server</span>, Target Port;Password=;Integrated Security=true;

      the attacker overwrites "integrated security" parameter with a value equal to "true."

Connection Pool DoS (?)

  • Attacker examines the connection pooling settings of the application, constructs a large malicious SQL query, and runs multiple queries simultaneously to consume all connections in the connection pool, causing database queries to fail for legitimate users.
  • Example: By default in ASP.NET, the maximum allowed connections in the pool is 100 and timeout is 30 seconds.
  • Thus, an attacker can run 100 multiple queries with 30+ seconds execution time within 30 seconds to cause a connection pool DoS such that no one else would be able to use the database-related parts of the application.

Web App Hacking Methodology - Attack Web App Client (?)

  • Attackers interact with the server-side applications in unexpected ways in order to perform malicious actions against the end users and access unauthorized data.
  • Cross-Site Scripting: An attacker bypasses the clients ID's security mechanism and obtains access privileges, and then injects malicious scripts into the web pages of a website. These malicious scripts can even rewrite the HTML content of the website.
  • HTTP Header Injection: Attackers splits an HTTP response into multiple responses by injecting a malicious response in an HTTP header. By doing so, attackers can deface websites, poison the cache, and trigger cross-site scripting.
  • Request Forgery Attack: In a request forgery attack, attackers exploit the trust of a website or web application on a user's browser. The attack works by including a link on a page, which takes the user to an authenticated website.
  • Privacy Attacks: A privacy attack is tracking performed with the help of a remote site by employing a leaked persistent browser state.
  • Redirection Attacks: Attackers develop codes and links that resemble a legitimate site that a user wants to visit; however, in so doing, the URL redirects the user to a malicious website on which attackers could potentially obtain the user's credentials and other sensitive information.
  • Frame Injection: When scripts do not validate their input, attackers inject codes through frames. This affects all the browsers and scripts, which do not validate untrusted input. These vulnerabilities occur in HTML pages with frames. Another reason for this vulnerability is that web browsers support frame editing.

    框架注入攻擊是針對Internet Explorer 5、Internet Explorer 6、與 Internet Explorer 7攻擊的一種。這種攻擊導致Internet Explorer不檢查結果框架的目的網站,因而允許任意代碼像Javascript或者VBScript跨框架存取。這種攻擊也發生在代碼透過多框架注入,肇因於腳本並不確認來自多框架的輸入。這種其他形式的框架注入會影響所有的不確認不受信任輸入的各廠牌瀏覽器和腳本。

  • Session Fixation: Session fixation helps attackers hijack valid user sessions. They authenticate themselves using a known session ID, and then use the already known session ID to hijack a user-validated session. Thus, attackers trick the users into accessing a genuine web server using an existing session ID value.
  • ActiveX Attacks: Attackers lure victims via email or via a link that attackers have constructed in such a way that loopholes of remote execute code become accessible, allowing the attackers to obtain access privileges equal to that of an authorized user.

Web App Hacking Methodology - Attack Web Services

  • Web services work atop the legacy web applications, and any attack on web service will immediately expose an underlying application's business and logic vulnerabilities for various attacks.
  • Various types of attacks used to attack web services are:
    • SOAP Injection
    • XML Injection
    • WSDL Probing Attacks
    • Information Leakage
    • Application Logic Attacks
    • Database Attacks

Web Services Probing Attacks (?)

  1. The attacker traps the WSDL document from web service traffic and analyzes it to determine the purpose of the application, functional break down, entry points, and message types.
  2. Attacker then creates a set of valid requests by selecting a set of operations, and formulating the request messages according to the rules of the XML Schema that can be submitted to the web service.
  3. Attacker uses these requests to include malicious contents in SOAP requests and analyzes errors to gain a deeper understanding of potential security weaknesses.

Web Service Attacks: SOAP Injection (?)

  • Attacker injects malicious query strings in the user input field to bypass web services authentication mechanisms and access backend databases.
  • This attack works similarly to SQL Injection attacks.

Simple Object Access Protocol (SOAP) is a lightweight and simple XML-based protocol designed to exchang structured and type information on the web.

Web Service Attacks: XML Injection (?)

  • Attackers inject XML data and tags into user input fields to manipulate XML schema or populate XML database with bogus entries.
  • XML injection can be used to bypass authorization, escalate privileges, and generate web services DoS attacks.

Web applications sometimes use XML to store data such as user credentials in XML documents.

Web Services Parsing Attacks (?)

  • Parsing attacks exploit vulnerabilities and weaknesses in the processing capabilities of the XML parser to create a denial-of-service attack or generate logical errors in web service request processing.
  • Recursive Payloads: Attacker queries for web services with a grammatically correct SOAP document that contains infinite processing loops resulting in exhaustion of XML parser and CPU resources.
  • Oversize Payloads: Attackers send a payload that is excessively large to consume all systems resources rendering web services inaccessible to other legitimate users.

Parsing is possible when the attacker executes the .bat (batch) or .cmd (command) files.

Web Service Attack Tools: SoapUI and XMLSpy (?)

  • SoapUI:
    • SoapUI is a web service testing tool which supports multiple protocols such as SOAP, REST, HTTP, JMS, AMF, and JDBC.
    • Attacker can use this tool to carry out web services probing, SOAP injection, XML injection, and web services parsing attacks.
  • XMLSpy:
    • Altova XMLSpy is the XML editor and development environment for modeling, editing, transforming, and debugging XML-related technologies.

Q1) SOAP is used to package and exchange information for web services. What does SOAP use to format this information?

  1. XML
  2. HTML
  3. HTTP
  4. Unicode

A1) SOAP formats its information exchange in XML.

Q2) Which of the following best describes a web application?

  1. Code designed to be run on the client
  2. Code designed to be run on the server
  3. SQL code for databases
  4. Targeting of web services

A2) A web application is code designed to be run on the server with the results sent to the client for presentation.

Q3) What technique is used to perform a Connection Stream Parameter Pollution (CSPP) attack?

  1. Injecting parameters into a connection string using semicolons as a separator
  2. Inserting malicious Javascript code into input parameters
  3. Setting a user's session identifier (SID) to an explicit known value
  4. Adding multiple parameters with the same name in HTTP requests

Q4) A security administrator monitoring logs comes across a user login attempt that reads “UserJoe)(&).” What can you infer from this username login attempt? (?)

  1. The attacker is attempting SQL injection.
  2. The attacker is attempting LDAP injection.
  3. The attacker is attempting SOAP injection.
  4. The attacker is attempting directory traversal.

results matching ""

    No results matching ""