Index
Note: Page numbers followed by f indicate figures and t indicate tables.
A
Access-control-request-headers, 247
Access-control-request-method, 247
American Standard Code for Information Interchange (ASCII)
  server-side HTML filter, 29
  seven-bit encoding characters, 17

B
Basic multilingual plane (BMP), 18
Bypasses and attacks mitigation, 11
  code injections
    HTML injection and cross-site scripting, 218–220
  DOM protection
    onpropertychange event, 234
  server- and client-side databases, 217

C
Cascading style sheets (CSSs), 10
  attacks
    crawler and navigation monitor, 139
Character data (CDATA)
  predefined character sequence, 18
Crossdomain.xml files
  altCrossDomainXMLFiles, 265
Cross-origin resource sharing (CORS) mechanism
  Cross Site Request Forgery (CSRF), 240–241

D
Database management system (DBMS)
Data URIs
  HTML5
    ‹event-source›/‹eventsource›, 69
    Opera test-cases-domain, 69–70
    Web Forms 2.0 repetition model, 70
  style attributes
    Internet Explorer tested versions, 65–66
    social networking platform, 63–64
    vbscript protocol handler, 66
  UTF-7 and UTF-16 character, 58
Denial-of-service regular expression, 213–215
Document type definitions (DTDs), 14, 14t, 15t

E
Extensible Hypertext Markup Language (XHTML), 14

F
Facebook Markup Language (FBML), 120

G
Graphics interchange format (GIF), 156
Great JavaScript Charwall, 121

H
HyperText Markup Language (HTML)
  browser market competitors, 24
  CDATA
    predefined character sequence, 18
  cross-domain XHR problem, 23
  erroneous markup handling method, 21–22
  injection and cross-site scripting
    PHPIDS attack detection, 220
  ISO/IEC 8859-15 character set, 17–18
  remote code execution flaw, 23
  semantics and structure, 23
  URIs
    broken protocol handlers, 54–55
  XML
    decimal and hexadecimal entities, 72

I
International Obfuscated C Code Contest (IOCCC), 105
Internet Explorer filters
  attacks, 209–213
  compatibility, performance, and security, 209

J
JavaScript (JScript)
  nonalphanumeric
    Great JavaScript Charwall, 121
    plain filter circumvention, 119
  variables
    alphanumeric characters, 91
    location.hash variable, 94–95
JavaScript Object Notation (JSON), 242–243

M
Markup obfuscation
  attributes and delimiters
    attribute name and value characters, 36, 36t
    attribute value delimiters, 37, 37t
    JavaScript language element, 38
    size attribute, ‹font› tag, 36–37
  conditional comments
    outside and inside attributes, 52–53
  JavaScript code alert(1) execution, 24
  JavaScript execution
    trigger script execution, 43–44
  multiple same-named attributes
    xmlns, XML namespace attribute, 40
  separators
    tag name and attribute characters, 34, 34t
    unicode character class, 34–35
    whitespace character, 34–35
  tag names obfuscation
    character set and PHP-based application, 30
    server-side HTML filter, 29
    XSS attacks/SQL injection, 32
  valid markup structure, 27, 27t
  Web application input filters, 25
Microsoft BlueHat security conference, 259
Microsoft Data Access Components (MDAC), 223

N
Nonalphanumeric JavaScript, 10
  minimalistic sets
    Great JavaScript Charwall, 121
    plain filter circumvention, 119

O
Open Web Application Security Project (OWASP) Validation Regex Repository, 217–218

P
Perl Compatible Regular Expressions (PCRE), 34
Personal Homepage (PHP), 10
  attacker-controlled PHP code, 224–225
  code execution vulnerability, 223–224
  Google Code Search Engine, 224
  include and require statements, 224
  numerical data types
    type juggling technique, 157
  strings
    anonymous and variable functions, 173–174
    encryption and decryption functions, 162
    heredoc and nowdoc syntax, 161
    sneak past filter rules, 162

R
Regular expressions
  restricted repetition, 8t

S
Same Origin Policy (SOP)
  cross-site information exchange, 245
Scalable vector graphics (SVG), 77–79
Server-side Web development
Standard Generalized Markup Language (SGML), 13
Strings
  PHP
    anonymous and variable functions, 173–174
    encryption and decryption functions, 162
    heredoc and nowdoc syntax, 161
    sneak past filter rules, 162
  SQL
    regular notation and delimiting, 187–188
Structured English Query Language (SEQUEL), 177
Structured Query Language (SQL), 10
  concatenation-based bugs, 222
  Microsoft SQL procedure, 223
  strings
    regular notation and delimitation, 187–188
  Web application security, 223

T
Text/html-sandboxed content type, 253–255
Type juggling technique, 157

U
Uniform Messaging Policy (UMP), 248–249

W
Web application firewalls (WAFs), 221
Web applications
  Content-Security-Policy header, 257
  cross-site scripting filters, 238
  flash plug-in
    allowScriptAccess argument, 258
  HTML5, 238
    cross-site scripting filters, 245
    text/html-sandboxed content type, 253–255
  Java plug-in
    Java-based cross-site scripting, 262–264
  security ramifications, 237
  security-related extensions, 256
  Strict-Transport-Security header, 256–257
  X-Frame-Options header, 256
  X-XSS-Protection header, 256
Web Hypertext Application Technology Working Group (WHATWG), 67, 237–238
Web security and technology, 11
World Wide Web Consortium (W3C), 238
  JavaScript execution, 42–43

X
XSS filter
  cross-site scripting attacks, 211