Page 613 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

Layer Security (TLS) version support, assessing cipher suites, cookie/session ID/token management, and susceptibility to forged requests).

Next in a web security assessment is to evaluate authentication and session management. This is followed by evaluating the cryptography of the site and the methods used for data validation and sanitization. A web security assessment should also involve checking for DoS defenses, evaluating risk responses, and testing error handling.
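The cookie/session ID/token management step above can be partly automated. The following is an added example, not code from the study guide or from OWASP, that inspects constructed Set-Cookie headers for the hardening attributes an assessor would look for (Secure, HttpOnly, SameSite) and flags an obviously short session identifier; the 16-character threshold is an assumed heuristic, not a standard.

```python
"""Assess Set-Cookie headers for session-cookie hardening (added example)."""


def parse_set_cookie(header: str):
    """Split a Set-Cookie header into (name, value, {attribute: value}).

    Attribute names are lower-cased so 'Secure' and 'secure' compare equal.
    Flag attributes without a value (Secure, HttpOnly) map to an empty string.
    """
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def assess_session_cookie(header: str, min_id_len: int = 16) -> list:
    """Return a list of findings for one Set-Cookie header (empty = no issues).

    Checks mirror the assessment step in the text: transport protection (Secure),
    script isolation (HttpOnly), cross-site request mitigation (SameSite), and a
    crude length check on the session identifier itself.
    """
    name, value, attrs = parse_set_cookie(header)
    issues = []
    if "secure" not in attrs:
        issues.append("missing Secure")
    if "httponly" not in attrs:
        issues.append("missing HttpOnly")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        issues.append("SameSite missing or None")
    if len(value) < min_id_len:  # assumed heuristic threshold, see lead-in
        issues.append(f"session ID shorter than {min_id_len} chars")
    return issues


def assess_headers(headers: list) -> dict:
    """Map each cookie name to its findings for a list of Set-Cookie headers."""
    return {parse_set_cookie(h)[0]: assess_session_cookie(h) for h in headers}


if __name__ == "__main__":
    # Constructed sample headers, not captured from any real site.
    sample = [
        "sid=3f9a2c7e1b4d8e6f0a1b2c3d4e5f6a7b; Path=/; Secure; HttpOnly; SameSite=Strict",
        "legacy=abc; Path=/",
    ]
    for cookie, findings in assess_headers(sample).items():
        print(cookie, "->", findings or "OK")
```

The parser is deliberately minimal (one header per string, no quoted values) because its purpose is to make the assessment criteria explicit, not to replace a full HTTP client.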

This is only a brief overview of the concept of web security assessment, as the CISSP exam does not expect you to be a professional penetration tester, but you should be generally aware of the concept of security evaluation. You are welcome to explore more details about web security assessment from the OWASP guide if you find this topic interesting.

A few of the OWASP Top Ten web risks that you may want to know about are injection, XML exploitation, cross-site scripting (XSS), and XSRF.

An injection attack is any exploitation that allows an attacker to submit code to a target system in order to modify its operations and/or poison and corrupt its data set. There is a wide range of potential injection attacks. Typically, an injection attack is named after the type of backend system it takes advantage of or the type of payload delivered (injected) onto the target. Examples include Structured Query Language (SQL) injection, Lightweight Directory Access Protocol (LDAP) injection, XML injection, command injection, Hypertext Markup Language (HTML) injection, code injection, and file injection. A few of these are presented in more detail in this section.

SQL injection attacks are even riskier than XSS attacks (see the following section) from an organization's perspective because the targets of a SQL injection attack are organizational assets, whereas the targets of an XSS attack are customers or visitors to a website. SQL injection attacks use unexpected input to alter or compromise a web application. However, instead of using this input to attempt to fool a user, SQL injection attacks use it to gain unauthorized access to an underlying database and related assets.