- There are three main ways in which HTTP requests can be used to send parameters to the application:
  - in the URL query string,
  - in HTTP cookies,
  - in the body of requests using the POST method.
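As an added example (not part of the original notes), the following Python script parses a raw HTTP request and pulls out the parameters from all three channels listed above: the URL query string, the Cookie header and a form-encoded POST body. The result is the full set of inputs that server-side validation has to cover, which is the reason a pentester enumerates every channel rather than only the visible form fields. The sample request, the host name and the parameter names are constructed for illustration.

```python
"""Enumerate the parameters an HTTP request carries in its three input channels."""
from urllib.parse import parse_qs, urlsplit

# Constructed sample request (not captured traffic): a POST with parameters in
# the query string, in the Cookie header and in the form-encoded body.
SAMPLE_REQUEST = (
    b"POST /search?id=42&lang=en HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Cookie: session=abc123; theme=dark\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 26\r\n"
    b"\r\n"
    b"q=laptop&sort=price&page=2"
)


def parse_cookie_header(value: str) -> dict:
    """Split a Cookie header into name -> value pairs.

    Parsed by hand rather than with http.cookies.SimpleCookie so that names
    such as 'path' or 'domain' are not mistaken for cookie attributes.
    """
    cookies = {}
    for pair in value.split(";"):
        name, sep, val = pair.strip().partition("=")
        if sep and name:
            cookies[name] = val
    return cookies


def parse_request(raw: bytes) -> dict:
    """Return method, path and the parameters found in each input channel."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)

    # Header names are case-insensitive, so normalise them to lower case.
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    parts = urlsplit(target)
    # Channel 1: URL query string (parse_qs keeps every value as a list,
    # which preserves repeated parameters instead of silently dropping one).
    query = parse_qs(parts.query, keep_blank_values=True)

    # Channel 2: HTTP cookies.
    cookies = parse_cookie_header(headers.get("cookie", ""))

    # Channel 3: POST body, only when it is form-encoded.
    body_params = {}
    content_type = headers.get("content-type", "")
    if method == "POST" and content_type.startswith("application/x-www-form-urlencoded"):
        length = int(headers.get("content-length", len(body)))
        body_params = parse_qs(body[:length].decode("utf-8", errors="replace"),
                               keep_blank_values=True)

    return {
        "method": method,
        "path": parts.path,
        "query": query,
        "cookies": cookies,
        "body": body_params,
    }


def input_surface(parsed: dict) -> list:
    """List every (channel, parameter name) pair the server must validate."""
    surface = []
    for channel in ("query", "cookies", "body"):
        for name in parsed[channel]:
            surface.append((channel, name))
    return surface


if __name__ == "__main__":
    parsed = parse_request(SAMPLE_REQUEST)
    for channel, name in input_surface(parsed):
        print(f"{channel:8s} {name}")
```

The script treats every parameter found in any channel as untrusted input; a validation routine that only inspects form fields would miss the `id` and `lang` query parameters and the `session` and `theme` cookies in the sample.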
- Some terms about Java-based web applications:
  - An Enterprise Java Bean (EJB) is a relatively heavyweight software component that encapsulates the logic of a specific business function within the application.
  - A Plain Old Java Object (POJO) is an ordinary Java object. POJO is normally used to denote objects that are user-defined and much simpler and more lightweight than EJBs and those used in other frameworks.
  - A Java Servlet is an object that resides on an application server, receives HTTP requests from clients and returns HTTP responses.
  - A Java web container is a platform or engine that provides a runtime environment for Java-based web applications. Examples: Apache Tomcat, Oracle WebLogic, and JBoss.
- Examples of components commonly used for key application functions in Java-based applications are:
  - Authentication — JAAS, ACEGI
  - Presentation layer — SiteMesh, Tapestry
  - Database object-relational mapping — Hibernate
  - Logging — Log4J
- LAMP: Linux, Apache, MySQL, PHP, an open source stack commonly used for web applications.
- Numerous open source applications and components have been developed using PHP. Many of these provide off-the-shelf solutions for common application functions, which are often incorporated into wider custom-built applications, for example:
  - Bulletin boards — PHPBB, PHP-Nuke
  - Administrative front ends — PHPMyAdmin
  - Web mail — SquirrelMail, IlohaMail
  - Photo galleries — Gallery
  - Shopping carts — osCommerce, ECW-Shop
  - Wikis — MediaWiki, WakkaWikki
Saturday, 29 May 2010
Web Application Technologies: Server-side Functionality