HTTP: the most common application protocol
Uses request/response transactions
HTTP is a stateless protocol
Relies on the underlying transport layer
URL: scheme, host, port, path, URL parameters, query string
Unvalidated input
Directory traversal
Misconfiguration
Form tampering
Injection
LDAP
File
XML
XPath
OS command
HTML-cxx
XQLI
Additional attacks
CSRF
DOS
Cookie poisoning: modification of the cookie to steal the user's information
Session fixation
Session poisoning: a session set up by the attacker
Buffer overflow
Storage
Error handling
Redirects
APIs
RESTful
SOAP/XML-based
Cookies
Stored session IDs
Language preference
Cookies can be persistent or non-persistent; it is important to use non-persistent cookies so they are removed when the browser is closed.
Session fixation is when the attacker is able to intercept the session and manipulate it from the victim's web browser.
Application Frameworks
Django
Flask
Ruby on Rails
Angular