The topic and abstract of the thesis are as follows:
Attacking Web Applications: Methodology and Tools
Web applications are those that are accessed using a web browser to communicate with a web server. They include a wide variety of different technologies, such as databases, file systems, and web services.
As with any new area of technology, they have brought with them a new range of security vulnerabilities. The most serious attacks against web applications are those that expose sensitive data or gain unrestricted access to the back-end systems on which the application is running. In fact, the majority of web applications are insecure, despite the widespread use of SSL and the adoption of regular PCI scanning. Although SSL is a valuable technology that protects data in transit between a client and a web server, it does not stop attacks that directly target the server or client components of an application.
This paper describes a methodology that can be followed when attacking a web application. It provides a good level of assurance that the attacker has covered all the relevant areas of the application's attack surface and has found as many issues as possible given the resources available.
The methodology is presented as a sequence of tasks organized according to the logical dependencies between them. In practice, the attacker will usually need to go beyond the prescribed order of these tasks and let the work be guided by what is discovered about the application under test.
This paper also presents tools that can be used to attack web applications. Many of these tools operate in conjunction with a standard web browser, either as browser extensions or as external tools. Other tools automate many of the tasks involved in attacking, or perform specific tasks when testing web applications.