Table Of ContentW 2.0 S :
EB ECURITY
D A , RIA,
EFENDING JAX
SOA
AND
S S
HREERAJ HAH
Charles River Media
A part of Course Technology, Cengage Learning
Australia • Brazil • Japan • Korea • Mexico • Singapore • Spain • United Kingdom • United States
Publisher and General Manager, © 2008 Course Technology, a part of Cengage Learning.
Course Technology PTR:Stacy L. Hiquet
ALL RIGHTS RESERVED. No part of this work covered by the copyright
Associate Director of Marketing:
Sarah Panella herein may be reproduced, transmitted, stored, or used in any form or by
any means graphic, electronic, or mechanical, including but not limited to
Manager of Editorial Services:Heather
photocopying, recording, scanning, digitizing, taping, Web distribution,
Talbot
information networks, or information storage and retrieval systems, except
Marketing Manager: Mark Hughes as permitted under Section 107 or 108 of the 1976 United States Copyright
Senior Acquisitions Editor:Mitzi Koontz Act, without the prior written permission of the publisher.
Project Editor: Karen A. Gill
Copy Editor:Ruth Saavedra
For product information and technology assistance, contact us at
Technical Reviewer:Jaelle Scheuerman Cengage Learning Customer & Sales Support, 1-800-354-9706
CRM Editorial Services Coordinator:
Jen Blaney For permission to use material from this text or product,
submit all requests online at cengage.com/permissions
Interior Layout Tech:Judith Littlefield
Further permissions questions can be emailed to
Cover Designer:Tyler Creative Services
[email protected]
CD-ROM Producer:Brandon Penticuff
Indexer: Kevin Broccoli Library of Congress Control Number: 2007939356
Proofreader:Sue Boshers
ISBN-13: 978-1-58450-550-1
ISBN-10: 1-58450-550-8
eISBN-10: 1-58450-606-7
Course Technology
25 Thomson Place
Boston, MA 02210
USA
Cengage Learning is a leading provider of customized learning solutions
with office locations around the globe, including Singapore, the United
Kingdom, Australia, Mexico, Brazil, and Japan. Locate your local office at:
international.cengage.com/region
Cengage Learning products are represented in Canada by
Nelson Education, Ltd.
For your lifelong learning solutions, visit courseptr.com
Visit our corporate website at cengage.com
Printed in the United States of America
1 2 3 4 5 6 7 11 10 09 08
This book is dedicated to my grandmother (Vasuben),
mother (Rekhaben), and sisters (Reena and Rajvee)
for their love, support, and guidance.
I am deeply thankful for their help through all these years.
This page intentionally left blank
Contents
Acknowledgments xi
About the Author xiii
Introduction xv
1 Web 2.0 Introduction and Security 1
Web 2.0—An Agent of Change 2
Driving Factors for Web 2.0 and Its Impact on Security 2
Path of Evolution: A Look Back in Time and a Peek Ahead 3
Web 2.0: Technology Vectors and Architecture 4
Web 2.0 Application Information Sources and Flow 7
Real-Life Web 2.0 Application Examples 8
Growing Web 2.0 Security Concerns 9
Web 2.0 Real-Life Security Cases 11
Conclusion 12
2 Overview of Web 2.0 Technologies 13
Web 2.0 Technology Layers: Building Blocks for
Next Generation Applications 14
Client Layer 15
Rich Internet Applications 24
Protocol Layer 27
Structure Layer 35
Server Layer 40
Conclusion 45
v
vi Contents
3 Web 2.0 Security Threats, Challenges, and Defenses 47
Web 2.0 Security Landscape 47
Web 2.0 Security Cycle and Changing Vectors 49
Web 2.0 Attack Points and Layered Threats 53
Conclusion 70
4 Web 2.0 Security Assessment Approaches, Methods, and Strategies 71
Web 2.0 Security Assessment 71
Web 2.0 Application Assessment Methods 72
Conclusion 77
5 Web 2.0 Application Footprinting 79
Web 2.0 Footprinting Basics 79
Web Services Footprinting 87
Footprinting Countermeasures 92
Conclusion 93
6 Web 2.0 Application Discovery, Enumeration, and Profiling 95
Web 2.0 Application Discovery: Problem Domain 96
Web 2.0 Application Discovery with Protocol Analysis 96
Dynamic DOM Event Manipulation 103
Crawling Ajax-Based Pages 105
Page Profiling and Linkage Analysis 111
Web Services Discovery and Profiling 112
Conclusion 117
7 Cross-Site Scripting with Web 2.0 Applications 119
XSS 120
XSS Basics 120
XSS and Serialization with Applications 128
Conclusion 136
Contents vii
8 Cross-Site Request Forgery with Web 2.0 Applications 137
CSRF Overview 137
CSRF with the POSTMethod 144
Web 2.0 Applications and CSRF 145
CSRF and Getting Cross-Domain Information Access 151
Conclusion 158
9 RSS, Mashup, and Widget Security 159
Cross-Domain Security 160
RSS Security and Attacks 170
Mashup Security 176
Widget Security 179
Conclusion 181
10 Web 2.0 Application Scanning and Vulnerability Detection 183
Fingerprinting Web 2.0 Technologies 184
Ajax Framework and Vulnerabilities 190
Fingerprinting RIA Components 191
Scanning Ajax Code for DOM-Based XSS 194
RIA- and Flash-Based Component Decompilation 200
CSRF Vulnerability Detection with Web 2.0 Applications 202
JavaScript Client-Side Scanning for Entry Points 203
Debugging JavaScript for Vulnerability Detection 207
Conclusion 212
11 SOA and Web Services Security 213
Real-Life Example of SOA 214
SOA Layered Architecture 215
SOA Server-Side Architecture and Code 217
Web Services and SOA Security Framework 218
XML Message: A Torpedo of Web 2.0 Applications 220
viii Contents
SOA Threat Framework 221
SOA Security Challenges and Technology Vectors 235
Conclusion 236
12 SOA Attack Vectors and Scanning for Vulnerabilities 237
Profiling and Invoking Web Services 238
Technology Fingerprinting and Enumeration 242
XML Poisoning 245
Parameter Tampering 247
SQL Injection with SOAP Manipulation 256
XPATH Injection 258
LDAP Injection with SOAP 263
Directory Traversal and Filesystem Access Through SOAP 268
Operating System Command Execution Using Vulnerable Web Services 272
SOAP Message Brute Forcing 276
Session Hijacking with Web Services 279
Conclusion 280
13 Web 2.0 Application Fuzzing for Vulnerability Detection and
Filtering for Countermeasures 281
Web 2.0 Application Fuzzing 281
Web 2.0 Application Firewall and Filtering 288
Conclusion 303
14 Web 2.0 Application Defenses by Request Signature and
Code Scanning 305
Ajax Request Signature for Web 2.0 Applications:
Defense Against CSRF and XSS 306
Source Code Review and Vulnerability Identification 312
Conclusion 318
Contents ix
15 Resources for Web 2.0 Security: Tools, Techniques,
and References 319
Discovery and Analysis Through a Proxy 320
Browser Plug-Ins for HTTP Traffic 323
JavaScript and Greasemonkey 324
Browser Automation 327
XSS Exploitation 329
Metasploit 3.0 and the Web 2.0 Layer 334
DOM and Developer Tools 336
XSS Attacks and Assistant 337
XSS and CSRF Defense Reference 338
SOAP Clients in Various Languages 340
SOAP Quick Reference 341
WSDL Quick Reference 342
UDDI Quick Reference 343
SOA Technologies 344
Web 2.0–Specific Resource Extensions for Files 344
SOA Checklist 345
Ajax Security Checklist 346
Web 2.0–Related Published Vulnerabilities 347
Index 353
Description:Service-Oriented Architecure (SOA), Rich Internet Applications (RIA), and Asynchronous Java and eXtended Markup Language (Ajax) comprise the backbone behind now-widespread Web 2.0 applications, such as MySpace, Google Maps, Flickr, and Live.com. Although these robust tools make next-generation Web a
