[WEB SECURITY] Whitepaper - Behind Enemy Lines: Administrative Web Application Attacks

[Rafael Dominguez-Vega <Rafael.Dominguez-Vega@xxxxxxxxxxxxxxxxxxx>]

Hello,

Web interfaces are now commonly used for administering systems and
networks by organisations ranging from small businesses through to those
with major enterprise environments. Most products or applications have a
web interface to aid administrators with the configuration process.

Administrative interfaces can be affected by vulnerabilities in just the
same way as publicly facing websites can be, however additional attack
vectors exist due to their interaction with different services and
protocols.

This white paper discusses the use of alternative protocols, such as
DHCP and 802.11, to perform web based attacks; the different methods
that can be used to exploiting them and details on how tools can be
built to both test for the presence of vulnerabilities and to exploit
them.

http://www.mwrinfosecurity.com/publications/mwri_behind-enemy-lines_2008-07-25.pdf

This whitepaper is supplemented by a variety of advisories, tools and
demo videos. These can all be discovered at the following location.

http://www.mwrinfosecurity.com/content/publications.php

Regards, 
Rafa

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA