AJAX - The Complete Reference


286 Part II: Developing an Ajax Library


| What They Want to Know | Why They Want to Know It | How They Determine It | Possible Countermeasures |
|---|---|---|---|
| Web application framework | To look for bugs specific to the development environment; to look for sessioning exploits; to look for configuration or admin access defaults to administration of the determined framework | Looking at the file extensions (.php, .aspx, and so on) | Changing to .html or simply removing or rewriting file extensions |
| | | Looking for the session cookie header and vanity X-Powered-By headers in responses | Modifying the default session cookie name to be generic or masking it. Removing X- response headers |
| | | Seeing if error messages indicate the type, version, and setup of a framework | Deploying sanitized error messages |
| | | Looking for configuration and Web interface logins | Moving standard admin locations and changing default usernames and passwords |
| Database used | To understand SQL injection syntax possibilities; to determine if known exploits exist; to see if direct admin access to the DB can be found | Looking at error messages by triggering some problem on a database-driven page | Sanitizing your error messages |
| | | Using a network scanner to see what ports are open to the database and trying to attach with an admin tool | Setting the firewall appropriately and changing administrator defaults. In general, avoiding using administrative accounts for Web application access |
| Details about application structure and construction | To determine what inputs and types are accepted by the application, to see if some can be manipulated for error, XSS exploit, or even access | Spidering the site and pulling out the names of form fields, scripts, and other inputs | Using nonmeaningful names for fields in deployed code if they are not to be scripted |
| | | Looking at the robots.txt file for protected areas | Putting a blank file in, or adding purposeful tripwire directories that don't exist, to monitor for access |
| | | Looking for files left on the server with extensions like .bak, .tmp, .old, or the various scratch-file names Web editors use, as they may in some cases be fetched without execution (for example, Foo.php.bak) | Removing all scratch files from the site. Not indicating the editor used to build pages in <meta> tags in the HTML. Obfuscating script on the server in case it is exposed accidentally, so as not to reveal secrets like DB access passwords |
| | | Using Google to see what they have indexed | Making sure you are aware of what Google indexes |

TABLE 7-1 Web Application Reconnaissance Goals, Methods, and Countermeasures (continued)
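As an added self-check (example code written for this edit, not from the book), the following Python applies the table's "How They Determine It" checks to a response from your own application and names the matching countermeasure from the last column. The extension, header and cookie lists and the two sample responses are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Lists built from the table's "How They Determine It" column (constructed, not exhaustive).
FRAMEWORK_EXTENSIONS = (".php", ".aspx", ".asp", ".jsp", ".cfm")
SCRATCH_EXTENSIONS = (".bak", ".tmp", ".old", ".orig", ".swp")
# Well-known default session cookie names, each naming its platform.
DEFAULT_SESSION_COOKIES = {"PHPSESSID": "PHP", "ASP.NET_SessionId": "ASP.NET",
                           "JSESSIONID": "Java servlet", "CFID": "ColdFusion"}
# Server is not in the table but leaks the same way X-Powered-By does.
VANITY_HEADERS = ("x-powered-by", "x-aspnet-version", "x-aspnetmvc-version", "server")
# Fragments that normally appear only in unsanitized framework or database errors.
ERROR_MARKERS = re.compile(
    r"stack trace|traceback|mysql_|ora-\d{5}|sqlstate|warning:.*\bon line \d+", re.I)

def audit_response(url, headers, body):
    """Return [(what is leaked, countermeasure)] for one response from your own site."""
    findings = []
    path = urlparse(url).path.lower()
    if path.endswith(FRAMEWORK_EXTENSIONS):
        findings.append(("framework revealed by file extension: " + path,
                         "remove or rewrite file extensions (for example to .html)"))
    if path.endswith(SCRATCH_EXTENSIONS):
        findings.append(("scratch/backup file is being served: " + path,
                         "remove all scratch files from the site"))
    for name, value in headers:  # list of pairs so repeated Set-Cookie headers survive
        lname = name.lower()
        if lname in VANITY_HEADERS:
            findings.append((f"vanity header {name}: {value}",
                             "strip X- and Server headers from responses"))
        elif lname == "set-cookie":
            cookie_name = value.split("=", 1)[0].strip()
            if cookie_name in DEFAULT_SESSION_COOKIES:
                findings.append((f"default session cookie {cookie_name} reveals "
                                 f"{DEFAULT_SESSION_COOKIES[cookie_name]}",
                                 "rename the session cookie to a generic name"))
    if ERROR_MARKERS.search(body):
        findings.append(("verbose error message in response body",
                         "deploy sanitized error pages"))
    return findings

# Constructed sample responses: one leaky, one after applying the countermeasures.
LEAKY = ("https://example.test/account/login.php",
         [("Server", "Apache/2.2.3"), ("X-Powered-By", "PHP/5.2.6"),
          ("Set-Cookie", "PHPSESSID=abc123; path=/")],
         "<b>Warning</b>: mysql_connect(): Access denied in /var/www/db.php on line 12")
HARDENED = ("https://example.test/account/login",
            [("Content-Type", "text/html"), ("Set-Cookie", "sid=abc123; path=/; HttpOnly")],
            "<p>Sorry, something went wrong. Please try again later.</p>")
```

Running `audit_response(*LEAKY)` reports five disclosures (extension, two vanity headers, default cookie name, verbose error), while `audit_response(*HARDENED)` reports none.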