Index
WAFs (web application firewalls) [See also mod_security firewall module]
weakest link security principle
weakness
web application analysis
    page elements
    page parameters
    spiders
    well-known directories
web application architectures
    Apache changes, effect on
    security review of
    views
        Apache
        network
        user
web application firewalls [See WAFs] [See also mod_security firewall module]
web application security
    application logic flaws [See web applications, logic flaws]
    buffer overflows
    chained vulnerabilities
        compromise example
    client attacks
        phishing
        typical
    configuration review
    evasion techniques
        path obfuscation
        simple
        SQL injection
        Unicode encoding
        URL encoding
    file disclosure
        download script flaws
        path traversal
        predictable locations
        source code
    information disclosure [See information disclosure security issues]
    injection attacks
        code execution
        command execution
        preventing
        scripting, XSS
        SQL
    learning environments
        WebGoat
        WebMaven
    null-byte attacks
    PHP safe mode
    resources
    session management attacks
        concepts
        cookies
        design flaw example
        good practices
        session tokens
        sessions, attacks on
        sessions directory for not shared
    tools
        commercial
        Paros
        WebScarab
web applications
    integration with reverse proxies
    isolation strategies
        modules from servers
        virtual servers
    logic flaws
        client-side validation
        cookies
        hidden fields
        POST method
        process state management
        real-life example
        referrer check
    logs
    WAFs
Web Distributed Authoring and Versioning [See WebDAV]
web of trust
    identity verification
web security assessment
    administrator responsibility
    black-box testing [See testing, black-box]
    gray-box testing
    security scanners
        Nessus
        Nikto
    white-box testing [See testing, white-box]
web server tree
web servers
    analysis
        application enumeration
        configuration problems
        configuration review
        default location searching
        exceptional requests response
        identifying the application server
        identifying the server
        SSL
        vulnerabilities, probing known
    status monitoring
        graphing
        mod_status module
        mod_watch third-party module
        RRDtool
        scripts for
        SNMP
        statistics, fetching and storing
web site for book
WebDAV (Web Distributed Authoring and Versioning)
WebGoat learning environment
WebMaven learning environment
WebScarab web application security tool