First page Back Continue Last page Summary Graphic
Web server weaknesses
Directory recursion, breaking out of the web root
Trusting user-supplied input
- Never, never, never trust user-supplied input!
- Filter all input for html injection, SQL commands
Example scripts often leak information
Some servers and CGIs are vulnerable to buffer overflows and other standard attacks