The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws

@inproceedings{Stuttard2007TheWA,
  title={The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws},
  author={Dafydd Stuttard and Marcus Pinto},
  year={2007}
}

Introduction
Chapter 1 Web Application (In)security
Chapter 2 Core Defense Mechanisms
Chapter 3 Web Application Technologies
Chapter 4 Mapping the Application
Chapter 5 Bypassing Client-Side Controls
Chapter 6 Attacking Authentication
Chapter 7 Attacking Session Management
Chapter 8 Attacking Access Controls
Chapter 9 Attacking Data Stores
Chapter 10 Attacking Back-End Components
Chapter 11 Attacking Application Logic
Chapter 12 Attacking Users…

Citations

Publications citing this paper.
SHOWING 1-10 OF 110 CITATIONS

XCS: cross channel scripting and its impact on web applications

  • ACM Conference on Computer and Communications Security
  • 2009
CITES BACKGROUND
HIGHLY INFLUENCED

Coverage Metrics and Detection of Injection Vulnerabilities: An Experimental Study

  • 2016 12th European Dependable Computing Conference (EDCC)
  • 2016
CITES METHODS & BACKGROUND
HIGHLY INFLUENCED

Designing vulnerability testing tools for web services: approach, components, and tools

  • International Journal of Information Security
  • 2016
CITES METHODS & BACKGROUND
HIGHLY INFLUENCED

Hands-On Teaching of Software and Web Applications Security

  • 2013 3rd Interdisciplinary Engineering Design Education Conference
  • 2013
CITES BACKGROUND & METHODS
HIGHLY INFLUENCED

Black-Box assessment of Web systems security

CITES BACKGROUND & METHODS
HIGHLY INFLUENCED

An Overview of Penetration Testing

CITES BACKGROUND
HIGHLY INFLUENCED

Enhancing Penetration Testing with Attack Signatures and Interface Monitoring for the Detection of Injection Vulnerabilities in Web Services

  • 2011 IEEE International Conference on Services Computing
  • 2011
CITES METHODS & BACKGROUND
HIGHLY INFLUENCED

The Security of Hypertext Transfer Protocol

CITES BACKGROUND
HIGHLY INFLUENCED

Design considerations for a honeypot for SQL injection Attacks

  • 2009 IEEE 34th Conference on Local Computer Networks
  • 2009
CITES BACKGROUND
HIGHLY INFLUENCED

CITATION STATISTICS

  • 21 Highly Influenced Citations