border: 1px solid #d2d2d2; padding: 0px 8px 0px 8px; color: #a19999; font-size: 12px; height: 25px; width: 165px; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px; margin:0px; } .submitbutton{ background:#F66303; border: 1px solid #F66303; text-shadow: 1px 1px 1px #333; box-shadow: 3px 3px 3px #666; font:bold 12px Arial, sans-serif; color: #fff; height: 25px; padding: 0 12px 0 12px; margin: 0 0 0 5px; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px; cursor:pointer;}

Receive all updates via Facebook. Just Click the Like Button Below

You can also receive Free Email Updates:

Powered By Blogger Widgets

Related Posts Plugin for WordPress, Blogger...

Wednesday, April 27, 2011

Web Application Hacking Basics - 2



In this post we will discus a little about webapplication technologies and why might be they are vulnerable. So the very first web application technology includes HTML. Many of you might say HTML is only used to design web pages but the answer is partially true. Remind yourself with those days of internet when it wasn’t as interactive as it is today. Webpage those days never used entities like form field, hidden values, interactive input boxes because they came to play when webpage became interactive and they became interactive when webapplications came to play. So an input form, hidden values, input parameters, cookies, obfuscated URLs, hyperlinks etc all those things which can be tampered in web page are all web applications based on HTML. The reason HTML pages make vulnerable web applications just because they all can be easily tampered.


To tackle database interaction related problems CGI and Perl scripts came into play along with python. Web applications built over these technologies were first to provide database level interaction. Now problem they face were they can provide run time solutions that means they all are dynamic in nature whether related to output or process space. And thus they all are vulnerable to buffer overflows and command injection types of attacks.


To provide more flexibility in interaction of user with database with possible fewer amounts of memory and time Java brought new age of web applications which run on Java Virtual Machine and provided sandbox feature. With time it provided more and more solutions to web applications with help of Java applets, Java scripts, servelets, JSP, AJAX etc and their intercommunication and thus it became vulnerable to direct script execution attack. Where usually if attacker manages to know script related to some task he/she can write a complimentary script to run from web browser to perform a powerful Java script attack against any Java vulnerable Java application.


The Microsoft competitor to Java is ASP.NET. It works on event driven paradigm thus providing a powerful API for application development. But since ASP.NET applications may run on any .NET written platform like C# or VB.NET they can provide direct access to hardware level functioning due to improper coding practice. In fact Visual Studio is most dangerous development framework that was ever built for windows platform.


Last in line comes PHP. PHP is vulnerable to SQL injection, buffer overflows as well as command injection attack due to its development and token parsing related problems.
Above post might be little difficult and tricky for those who are not anyhow related to coding world. I hope those who can understand above stuff might find it new, innovative and post of its own kind related to web technologies related to web applications. Hope you like it, thanks for reading and keep visiting.

No comments:

Post a Comment

Share

Twitter Delicious Facebook Digg Stumbleupon Favorites More