The document discusses various techniques for hacking web applications and web services, including:
1. Profiling infrastructure, attacking authentication and authorization, exploiting data connectivity, attacking client-side vulnerabilities, and denial of service attacks against web applications.
2. Using automated scanning tools to discover servers, services, and vulnerabilities. Common vulnerabilities in Apache, SQL injection, and insecure web service descriptions are described.
3. Attacking web application management interfaces through insecure protocols like Telnet and exploiting features like WebDAV that allow remote file manipulation.
The sheer number of Web server software vulnerabilities that have been published makes this one of the first and usually most fruitful areas of research for a Web hacker.
but requires a few trial runs to perfect against a server. A URL with a large number of trailing slashes
Note that most Apache servers cannot handle a URL longer than about 8,000 characters at all.

The attack can be performed directly on the URL with a browser, or from the command line using netcat.

Unnecessary files include password files, developer notes, old data, backup versions of the site, and any file that will never be touched by a browser or required by the application.

Unfortunately, it is not easy to identify when a server is using mod_rewrite, or whether the configuration is vulnerable.
A vulnerable server has a RewriteRule that maps a URL to a local page that is referenced by its complete pathname.
A common SQL structure uses the tick to delimit variables within the query:

    strSQL = "select userid from users where password = '" + password + "'";

The unclosed quotation mark indicates a vulnerable query. Plus, the error contains “@UserID=182”, which provides us with a field name and the specific UserID we have been assigned.

The data are being passed to a stored procedure named getAdminHome1.
We generate an ODBC error once more, but this time the @UserID variable has not been declared. This drives home the point of how difficult it is to break a stored procedure.
The SiteID variable is placed into the SiteID portion of the SQL statement.

can change our UserID. Unfortunately, there are now two UserID parameters in the function call.

The best way to accomplish this is through the “try, catch, finally” method of exception handling.

String concatenation is the bane of a secure SQL statement because it provides the easiest way for a user to manipulate the statement with tick marks.
Input validation should be performed on the Web server, and items in the database should be strongly typed.
A field that only uses numeric values should be of type INT, not VARCHAR.
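The three defensive points above (no string concatenation, exception handling around the database call, and strong typing of numeric fields) are shown together in the following added example. It is not code from the original page; it uses Python's sqlite3 module in place of the page's ODBC/SQL Server setup, and the users table, its rows and the user id 182 are constructed sample data.

```python
import sqlite3

# Constructed sample data (not from the original page): userid, username, password.
USERS = [(182, "alice", "s3cret"), (7, "bob", "hunter2")]


def make_db():
    """Build an in-memory database with a strongly typed INTEGER userid column."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def lookup_concatenated(conn, password):
    """The page's pattern: the tick-delimited value is glued into the statement.

    A tick in `password` closes the literal early and changes the query's
    structure, so the caller's input becomes part of the SQL."""
    sql = "select userid from users where password = '" + password + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_parameterized(conn, password):
    """Same query with a bound parameter: the input is always treated as data,
    so a tick in it cannot alter the statement."""
    rows = conn.execute("select userid from users where password = ?", (password,))
    return sorted(row[0] for row in rows)


def coerce_userid(raw):
    """Web-server side input validation for a numeric field: accept only digits
    and hand the database an int, matching the INT (not VARCHAR) column type."""
    if not isinstance(raw, str) or not raw.isdigit():
        raise ValueError("userid must be a non-negative integer")
    return int(raw)


def lookup_by_userid(conn, raw_userid):
    """Validate, convert, then bind: the value reaches SQL only as an integer."""
    userid = coerce_userid(raw_userid)
    rows = conn.execute("select username from users where userid = ?", (userid,))
    return [row[0] for row in rows]


def handle_login_request(password):
    """try/except/finally around the database call: driver errors are never
    echoed to the client (the page's ODBC error leaked a field name), and the
    connection is always released."""
    conn = make_db()
    try:
        ids = lookup_parameterized(conn, password)
        return ("ok", ids)
    except sqlite3.Error:
        # Log the real exception server-side; return only a generic message.
        return ("error", "request failed")
    finally:
        conn.close()


if __name__ == "__main__":
    db = make_db()
    payload = "' or '1'='1"
    print("concatenated:", lookup_concatenated(db, payload))    # every userid
    print("parameterized:", lookup_parameterized(db, payload))  # nothing
    print("typed lookup:", lookup_by_userid(db, "182"))
    print("login:", handle_login_request("s3cret"))
```

The concatenated version returns every user for a tick-bearing input, while the parameterized version returns nothing for the same input and still matches a genuine password; the typed lookup rejects anything that is not a plain integer before it reaches the database.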
Web services allow applications to be invoked from other applications (PHP, ASP, Java, Python) through web pages.
A document service describes the web service features offered by corporate services.
It is published to the public so that web service users can search for it without having to know the physical address of an application or program.
Web services are a new generation of services in the web industry. Users simply pull services from the Web. XML is the core language of web service development.

SOAP (Simple Object Access Protocol) is a protocol for running components across platforms and languages (ASP.NET, C#, PHP, Perl, Java, Python, Delphi). It works over HTTP and uses XML as its message format.
126.
127.
The <portType> element defines the semantics of the message passing (for example, request-only, request-response, response-only).
The <binding> element specifies various encodings over a specified transport such as HTTP, HTTPS, or SMTP.
To publish a deployed Web service using DISCO, you simply need to create a .disco file and place it in the Web service’s virtual root directory (vroot) along with the other service-related files (such as .asmx, .wsdl, .xsd, and other file types).
The .disco document is an XML document that contains links to other resources that describe the Web service, much like a WSDL file containing the interface contract.

XML Encryption: a companion to XML Signature, it addresses the encryption and decryption of XML documents and portions of those documents.

Security Assertion Markup Language (SAML): a format for sharing authentication and authorization information.
SSH1 is also vulnerable to attack, which makes it easy to compromise. You should use SSH2, whose security is higher.

The only exception we’d make to this rule is if access to the FTP service is restricted to a certain small range of IP addresses.

There is a utility called Secure Copy (scp) that can connect to SSH services and perform file transfers right over (authenticated and encrypted) SSH tunnels.

POST: used to post files to collections (this is a standard HTTP method that will likely see different use with WebDAV).