|     | Introduction |
| 1.  | Web Application (In)security |
| 2.  | Core Defense Mechanisms |
| 3.  | Web Application Technologies |
| 4.  | Mapping the Application |
| 5.  | Bypassing Client-Side Controls |
| 6.  | Attacking Authentication |
| 7.  | Attacking Session Management |
| 8.  | Attacking Access Controls |
| 9.  | Injecting Code |
| 10. | Exploiting Path Traversal |
| 11. | Attacking Application Logic |
| 12. | Attacking Other Users |
| 13. | Automating Bespoke Attacks |
| 14. | Exploiting Information Disclosure |
| 15. | Attacking Compiled Applications |
| 16. | Attacking Application Architecture |
| 17. | Attacking the Web Server |
| 18. | Finding Vulnerabilities in Source Code |
| 19. | A Web Application Hacker's Toolkit |
| 20. | A Web Application Hacker's Methodology |