How to Break Web Software: Functional and Security Testing of Web Applications and Web Services

Preface vii Acknowledgments ix About the Authors xi Chapter 1: The Web Is Different 1 Chapter 2: Gathering Information on the Target 11 Chapter 3: Attacking the Client 29 Chapter 4: State-Based Attacks 41 Chapter 5: Attacking User-Supplied Input Data 65 Chapter 6: Language-Based Attacks 85 Chapter 7: Attacking the Server 99 Chapter 8: Authentication 115 Chapter 9: Privacy 135 Chapter 10: Web Services 149 Appendix A: Fifty Years of Software: Key Principles for Quality 159 Appendix B: Flowershop Bugs 171 Appendix C: Tools 179 Index 207