4. Access Control Flaws
Bypass a Path Based Access Control Scheme
Bypass Business Layer Access Control
Bypass Data Layer Access Control
www.nethemba.com
9. AJAX Security
Client Side Filtering
Same Origin Policy (SOP) Protection
XML Injection
JSON Injection
Dangerous Use of Eval
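The "Dangerous Use of Eval" lesson is about the old AJAX habit of turning a server response into an object with eval("(" + body + ")"). The following is an added example, not code from the slides or from WebGoat: both response strings are constructed here, the property name evalSideEffect is an arbitrary marker chosen for the demonstration, and the contrast is with JSON.parse(), which the slides do not mention.

```javascript
// Added example, not from the slides or from WebGoat itself.
// "Dangerous Use of Eval": eval("(" + body + ")") turns any server response
// into executable JavaScript. JSON.parse() only accepts JSON, so the same
// payload is rejected instead of run.

// Constructed response as a well-behaved server would send it.
const BENIGN_RESPONSE = '{"account": "12345", "balance": 250}';

// Constructed response from a server (or an injecting proxy / XSS) under
// attacker control. It is a valid JavaScript object literal but not valid
// JSON: the value of "balance" is a comma expression whose first part runs
// as code when the literal is evaluated. "evalSideEffect" is just a marker
// name chosen for this demonstration.
const MALICIOUS_RESPONSE =
  '{"account": "12345", "balance": (globalThis.evalSideEffect = "attacker code ran", 250)}';

// Vulnerable: evaluates the body as code. The parentheses make the object
// literal parse as an expression; they do nothing to stop embedded expressions.
function parseWithEval(body) {
  return eval("(" + body + ")");
}

// Hardened: a JSON parser, not a JavaScript interpreter. Anything that is not
// JSON (calls, assignments, comma expressions) is a SyntaxError.
function parseWithJsonParse(body) {
  return JSON.parse(body);
}

// Runs both parsers over both responses and returns what happened, so the
// difference can be asserted on rather than only printed.
function demonstrate() {
  delete globalThis.evalSideEffect;

  const evalBenign = parseWithEval(BENIGN_RESPONSE);
  // Looks like a normal object with balance 250...
  const evalMalicious = parseWithEval(MALICIOUS_RESPONSE);
  // ...but the embedded assignment has already executed.
  const sideEffectAfterEval = globalThis.evalSideEffect;

  delete globalThis.evalSideEffect;
  const jsonBenign = parseWithJsonParse(BENIGN_RESPONSE);
  let jsonRejected = false;
  try {
    parseWithJsonParse(MALICIOUS_RESPONSE);
  } catch (e) {
    jsonRejected = e instanceof SyntaxError;
  }
  const sideEffectAfterJson = globalThis.evalSideEffect;

  return {
    evalBenign,
    evalMalicious,
    sideEffectAfterEval,
    jsonBenign,
    jsonRejected,
    sideEffectAfterJson,
  };
}

console.log(demonstrate());
```

The point to take from the run: the eval path returns an object that looks correct (balance 250) while the attacker's expression has already executed in the page's origin; the JSON.parse path returns the same object for the honest response and throws on the hostile one without running anything.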
10. Tools used
WebGoat project
http://www.owasp.org/index.php/Category:OWASP_WebGoat_P
WebScarab
http://www.owasp.org/index.php/Category:OWASP_WebScarab
Tamperdata http://tamperdata.mozdev.org/
LiveHTTPHeaders http://livehttpheaders.mozdev.org/
Add N Edit Cookies
https://addons.mozilla.org/enUS/firefox/addon/573
11. References
New Web Applications Attacks
http://www.nethemba.com/new_web_attacksnethe
LAMP and PHP security hardening (in Slovak)
http://www.nethemba.com/phpsec.pdf
12. Thank you for listening!
Ing. Pavol Lupták, CISSP, CEH
pavol.luptak@nethemba.com
www.nethemba.com