Attacking SSL-based website

• Securing the communication between the client and the web application is the most common use of TLS/SSL,and it is known as HTTP over SSL or HTTPS.

AJAX and Web Services-Security Issues

• Asynchronous JavaScript and XML（AJAX） is a combination of technologies that is used to create fast and dynamic pages.
• AJAX makes use of javascript to connect and retrieve information from the server without reloading the entire web page.

Exploiting Clients Using XSS and CSRF Flaws

• Over the years,the cross-scripting attack has been using JavaScript to perform mailcious activities such as malvertising,port scanning and key logging.(The XSS attack can also be used to inject VBScript,ActiveX,or Flash into a vulnerable web page.)

• Scanning-dirb

  • CGI is a common standard for web applications to interact with command-line executables;hence,CGI scripts were the most vulnerable to shellshock attack.
  • Exploitation:useapache_mod_cgi_bash_env_exec.

Attacking the Server Using Injectinog-based Flaws

• components likely to attack

  Components	Injection flaws
  Operation system shell	Command injection
  Relational database(RDBMS)	SQL injection
  Web browser	XSS attack
  LDAP directory	LDAP injection
  XML	XPATH injection