This section provides information for penetration testers. Some of this content is already in other sections of this website (The library). I just created this page as a quick reference. Please, if you feel that I've missed an important link or document.
The best way to find information is to use our search engine on the right.
Articles:
Penetration Testing for Web Applications (Part One)
Penetration Testing for Web Applications (Part Two)
Penetration Testing for Web Applications (Part Three)
Site Sections:
SQL Injection Page
Cross Site Scripting (XSS)
Session ID Attacks:
Brute-Force Exploitation of Web Application Session IDs, November 1, 2001 (PDF)
- David Endler iDefense
Session Fixation Vulnerability in Web-based Applications v1.0, December 2002 (PDF)
- ACROS Security
Cookie Modification and Poisoning:
Hacking Web Applications Using Cookie Poisoning, 2002 (PDF)
- Amit Klein/sanctuminc
HTTP Header Modification:
Header Based Exploitation: Web Statistical Software Threats, January 2002 (TXT)
- http://www.cgisecurity.com/
TCP Port 80 - HyperText Transfer Protocol (HTTP) Header Exploitation, Sept 11th 2002 (HTML)
- William Bellamy Jr.
CRLF Injection, (TXT)
- Ulf Harnhammar
Log Forensics:
Fingerprinting Port 80 Attacks: A look into web server, and web application attack signatures., November 2001 (TXT)
- http://www.cgisecurity.com/
Fingerprinting Port 80 Attacks: A look into web server, and web application attack signatures: Part Two., March 2002 (TXT) (HTML)
- http://www.cgisecurity.com/
Web Application Forensics: The Uncharted Territory, 2002 (PDF)
- Ory Segal/sanctuminc
Note: This paper has been posted for its information base only, and we in no way promote or support the products mentioned within.
PHP:
A Study in Scarlet: Exploiting Common Vulnerabilities in PHP Applications (TXT) (Spanish) (French)
"A reprint of reminisces from the Blackhat Briefings Asia 2001"
- Shaun Clowes, SecureReality
Secure Programming in PHP, January 30, 2002 (HTML)
- Thomas Oertli
Perl:
CGI/Perl Taint Mode FAQ, June 3rd, 1998 (HTML)
- Gunther Birznieks
Security Issues in Perl Scripts (HTML)
- Jordan Dimov
Misc Documentation:
Application Security Assessments: Advice on Assessing your Custom Application, 2002 (HTML)
- Gunter Ollmann
Ethical Hacking Techniques to Audit and Secure Web-enabled Applications (PDF)
- sanctuminc
LDAP Injection: Are your web applications vulnerable?, July 28th 2003 (Remote Copy)
- SPI LABS
Application Penetration test (SAMPLE)
- Imperva
Source: http://www.cgisecurity.com