Web Application Penetration Testing





This section provides information for penetration testers.
Some of this content is in other sections of this website already (the library). I just created this page as a quick
reference. Please, if you feel that I've missed an important link or document (or you just feel like chatting 🙂), email me.

The best way to find information is to use our search engine on the right.

Articles:
Penetration Testing for Web Applications (Part One)
Penetration Testing for Web Applications (Part Two)
Penetration Testing for Web Applications (Part Three)

Site Sections:
SQL Injection Page
Cross Site Scripting (XSS)

Session ID Attacks:
Brute-Force Exploitation of Web Application Session IDs, November 1, 2001 (PDF)
– David Endler iDefense

Session Fixation Vulnerability in Web-based Applications v1.0, December 2002 (PDF)
ACROS Security

Cookie Modification and Poisoning:
Hacking Web Applications Using Cookie Poisoning, 2002 (PDF)
– Amit Klein/sanctuminc

HTTP Header Modification:
Header Based Exploitation: Web Statistical Software Threats, January 2002 (TXT)
www.cgisecurity.com

TCP Port 80 – HyperText Transfer Protocol (HTTP) Header Exploitation, Sept 11th 2002 (HTML)
– William Bellamy Jr.

CRLF Injection (TXT)
– Ulf Harnhammar

Log Forensics:
Fingerprinting Port 80 Attacks: A look into web server, and web application attack signatures, November 2001 (TXT)
www.cgisecurity.com

Fingerprinting Port 80 Attacks: A look into web server, and web application attack signatures: Part Two, March 2002 (TXT) (HTML)
www.cgisecurity.com

Web Application Forensics: The Uncharted Territory, 2002 (PDF)
– Ory Segal/sanctuminc
Note: This paper has been posted for its information base only, and we in no
way promote or support the products mentioned within.

PHP:
A Study in Scarlet: Exploiting Common Vulnerabilities in PHP Applications (TXT)
(Spanish)
(French)
"A reprint of reminisces from the Blackhat Briefings Asia 2001"
– Shaun Clowes, SecureReality

Secure Programming in PHP, January 30, 2002 (HTML)
– Thomas Oertli

Perl:
CGI/Perl Taint Mode FAQ, June 3rd, 1998 (HTML)
– Gunther Birznieks

Security Issues in Perl Scripts (HTML)
– Jordan Dimov

Misc Documentation:
Application Security Assessments: Advice on Assessing your Custom Application, 2002 (HTML)
Gunter Ollmann

Ethical Hacking Techniques to Audit and Secure Web-enabled Applications (PDF)
sanctuminc

LDAP Injection: Are your web applications vulnerable?, July 28th 2003 (Remote Copy)
SPI LABS

Application Penetration test (SAMPLE)
Imperva