Monday, January 12, 2009

Web Applications Issues

* Scripting issues
* Sources of input: forms, text boxes, dialog windows, etc.
* Multiple Charset Encoding (UTF-8, ISO-8859-15, UTF-7, etc.)
* Regular expression checks
* Header integrity (e.g. Multiple HTTP Content Length, HTTP Response Splitting)
* Session handling/fixation
* Cookies
* Framework vulnerabilities (Java Server Pages, .NET, Ruby On Rails, Django, etc.)
* Success control: front door, back door vulnerability assessment
* Penetration attempts versus failures.
