
Hacking Exposed Web Applications PDF

416 Pages·2004·5.79 MB·English

Preview Hacking Exposed Web Applications

Color profile: Generic CMYK printer profile
ProLib8 / Hacking Exposed Web Applications / Scambray, Shema / 222438-x / Front Matter
Composite Default screen
Blind Folio FM:i

HACKING EXPOSED™ WEB APPLICATIONS

JOEL SCAMBRAY
MIKE SHEMA

McGraw-Hill/Osborne
New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto

P:\010Comp\Hacking\438-x\fm.vp Thursday, May 30, 2002 2:17:19 PM

ABOUT THE AUTHORS

Joel Scambray

Joel Scambray is co-author of Hacking Exposed (http://www.hackingexposed.com), the international best-selling Internet security book that reached its third edition in October 2001. He is also lead author of Hacking Exposed Windows 2000, the definitive insider's analysis of Microsoft product security, released in September 2001 and now in its second foreign language translation. Joel's past publications have included his co-founding role as InfoWorld's Security Watch columnist, InfoWorld Test Center Analyst, and inaugural author of Microsoft's TechNet Ask Us About...Security forum.

Joel's writing draws primarily on his years of experience as an IT security consultant for clients ranging from members of the Fortune 50 to newly minted startups, where he has gained extensive, field-tested knowledge of numerous security technologies, and has designed and analyzed security architectures for a variety of applications and products. Joel's consulting experiences have also provided him a strong business and management background, as he has personally managed several multiyear, multinational projects; developed new lines of business accounting for substantial annual revenues; and sustained numerous information security enterprises of various sizes over the last five years. He also maintains his own test laboratory, where he continues to research the frontiers of information system security.

Joel speaks widely on information system security for organizations including The Computer Security Institute, ISSA, ISACA, private companies, and government agencies. He is currently Managing Principal with Foundstone Inc. (http://www.foundstone.com), and previously held positions at Ernst & Young, InfoWorld, and as Director of IT for a major commercial real estate firm. Joel's academic background includes advanced degrees from the University of California at Davis and Los Angeles (UCLA), and he is a Certified Information Systems Security Professional (CISSP).

—Joel Scambray can be reached at [email protected].

Mike Shema

Mike Shema is a Principal Consultant of Foundstone Inc., where he has performed dozens of Web application security reviews for clients including Fortune 100 companies, financial institutions, and large software development companies. He has field-tested methodologies against numerous Web application platforms, as well as developing support tools to automate many aspects of testing. His work has led to the discovery of vulnerabilities in commercial Web software. Mike has also written technical columns about Web server security for SecurityFocus and DevX. He has also applied his security experience as a co-author for The Anti-Hacker Toolkit. In his spare time, Mike is an avid role-playing gamer. He holds B.S. degrees in Electrical Engineering and French from Penn State University.

—Mike Shema can be reached at [email protected].

About the Contributing Authors

Yen-Ming Chen

Yen-Ming Chen (CISSP, MCSE) is a Principal Consultant at Foundstone, where he provides security consulting services to clients. Yen-Ming has more than four years' experience administrating UNIX and Internet servers. He also has extensive knowledge in the areas of wireless networking, cryptography, intrusion detection, and survivability. His articles have been published in SysAdmin, UnixReview, and other technology-related magazines.

Prior to joining Foundstone, Yen-Ming worked in the CyberSecurity Center in CMRI, CMU, where he worked on an agent-based intrusion detection system. He also participated actively in an open source project, "snort," which is a lightweight network intrusion detection system. Yen-Ming holds his B.S. in Mathematics from National Central University in Taiwan and his M.S. in Information Networking from Carnegie Mellon University. Yen-Ming is also a contributing author of Hacking Exposed, Third Edition.

David Wong

David is a computer security expert and is Principal Consultant at Foundstone. He has performed numerous security product reviews as well as network attack and penetration tests. David has previously held a software engineering position at a large telecommunications company where he developed software to perform reconnaissance and network monitoring. David is also a contributing author of Hacking Exposed Windows 2000 and Hacking Exposed, Third Edition.

McGraw-Hill/Osborne
2600 Tenth Street
Berkeley, California 94710
U.S.A.

To arrange bulk purchase discounts for sales promotions, premiums, or fund-raisers, please contact McGraw-Hill/Osborne at the above address. For information on translations or book distributors outside the U.S.A., please see the International Contact Information page immediately following the index of this book.

Hacking Exposed™ Web Applications

Copyright © 2002 by Joel Scambray and Mike Shema. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

1234567890 FGR FGR 0198765432

ISBN 0-07-222438-X

Publisher: Brandon A. Nordin
Vice President & Associate Publisher: Scott Rogers
Senior Acquisitions Editor: Jane Brownlow
Project Editor: Patty Mon
Acquisitions Coordinator: Emma Acker
Technical Editor: Yen-Ming Chen
Copy Editor: Claire Splan
Proofreader: Paul Tyler
Indexer: Valerie Perry
Computer Designers: Elizabeth Jang, Melinda Moore Lytle
Illustrators: Michael Mueller, Lyssa Wald
Series Design: Dick Schwartz, Peter F. Hancik
Cover Series Design: Dodie Shoemaker

This book was composed with Corel VENTURA™ Publisher.

Information has been obtained by McGraw-Hill/Osborne from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill/Osborne, or others, McGraw-Hill/Osborne does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.

Dedication

To those who fight the good fight, every minute, every day.
—Joel Scambray

For Mom and Dad, who opened so many doors for me; and for my brothers, David and Steven, who are more of an inspiration to me than they realize.
—Mike Shema

AT A GLANCE

Part I  Reconnaissance
1  Introduction to Web Applications and Security  3
2  Profiling  25
3  Hacking Web Servers  41
4  Surveying the Application  99

Part II  The Attack
5  Authentication  131
6  Authorization  161
7  Attacking Session State Management  177
8  Input Validation Attacks  201
9  Attacking Web Datastores  225
10  Attacking Web Services  243
11  Hacking Web Application Management  261
12  Web Client Hacking  277
13  Case Studies  299

Part III  Appendixes
A  Web Site Security Checklist  311
B  Web Hacking Tools and Techniques Cribsheet  317
C  Using Libwhisker  333
D  UrlScan Installation and Configuration  345
E  About the Companion Web Site  371
Index  373

CONTENTS

Foreword  xvii
Acknowledgements  xix
Preface  xxi

Part I  Reconnaissance

1  Introduction to Web Applications and Security  3
  The Web Application Architecture  5
    A Brief Word about HTML  6
    Transport: HTTP  7
    The Web Client  11
    The Web Server  12
    The Web Application  13
    The Database  16
    Complications and Intermediaries  16
    The New Model: Web Services  18
  Potential Weak Spots  19
  The Methodology of Web Hacking  20
    Profile the Infrastructure  20
    Attack Web Servers  20
    Survey the Application  20
    Attack the Authentication Mechanism  21
    Attack the Authorization Schemes  21
    Perform a Functional Analysis  21
