Exploiting MVC Model Binding
Exploiting MVC Model Binding
About the Book
Table of Contents
-
1 July 2011
- O2 Script with BlackBox exploits for Spring MVC AutoBinding vulnerabilities in JPetStore
- O2 Script for “Spring MVC JPetStore - Start Servers” (start/stop apache and hsqldb)
- O2 Script: ‘Spring MVC Util - View Controllers’
- Creating an API for JPetStore Browser automation
- Injecting FirebugLite and jQuery into a IE Automation page (JPetStore Example)
- Writing an O2 ‘IE Automation’ Script for JPetStore Account Creation
- Viewing JPetStore Hsqldb database and couple more Autobinding issues
- Finding the JSP views that are mapped to controlers in JPetStore (Spring MVC)
- Visualizing the links in JPetStore (Spring MVC)
- Packaged Spring MVC Security Test Apps: JPetStore and PetClinc
- Simple Viewer to see JSP files (example using Spring MVC SPetStore)
- Util - Java, Jsp and Xml File Search (Example using Spring MVC JPetStore)
- Visualizing Spring MVC Annotations based Controls (and Autobinding PetClinic’s vulnerabilities)
-
2 September 2011
- example of spring mvc controllers
-
3 November 2011
- Fixing one of JPetStore’s AutoBinding Vulnerabilities (changing the purchase price)
-
4 May 2012
- ASP.NET MVC MUSIC STORE
- Order details
- HTTP form post fields using Fiddler
- Checkout controller
- Exploiting Microsoft MVC vulnerabilities using OWASP O2 Platform
-
5 June 2013
- Using ASP.NET MVC 4.0 in TeamMentor (with simple Controller, View and master Layout)
-
6 July 2013
- Can you spot the security implications/vulnerability of a small change to an ASP.NET MVC 3.0+ Model Binder?
- Nice business logic vulnerability and CSRF on the ASP.NET MVC Design Patterns book sample
- Day 1 - made it to Vegas, start of ASP.NET MVC research
- MVC ModelBinding Vulnerability in Contoso University sample (first raw PoC)
-
7 October 2012
- Exploiting Microsoft MVC vulnerabilities using OWASP O2 Platform
- Tool - O2 Cmd SpringMVC v1.0.exe - as standalone exe
- How the Tool - O2 Cmd SpringMVC v1.0.exe was created
-
8 December 2012
- ASP.NET MVC – XSS and AutoBind Vulns in MVC Example app (from 2008)
- ASP.NET Support in SAST and IBM F4F
-
9 January 2013
- OData ASP.NET Web API: An Mass Assignment vulnerability in the making?
- Should Mass Assignment be an OWASP Top 10 Vulnerability?
-
10 September 2008
- ASP.NET MVC – XSS and AutoBind vulns in MVC Example
-
11 September 2009
- Spring MVC 3.0 MVC Binding rules
- Finally … here is how I have been analysing Spring MVC apps using O2
- Reaching out to Spring Developers
- Couple more blog posts on JPetStore and additional Spring MVC Autobinding vulnerabilities
- Visualizing Spring MVC Annotations based Controls (and Autobinding PetClinic’s vulnerabilities)
- Current O2 support for analyzing Spring MVC
- What needs to be done to map Static Analysis Traces from Controllers and Views
-
12 October 2011
- Why doesn’t SAST have better Framework support (for example Spring MVC)?
- What does SAST mean? And where does it come from?
- First Answer to: Why doesn’t SAST have better Framework support (for example Spring MVC)?
- Solution for fixing Spring’s JPetStore AutoBinding vulnerabilities
-
13 April 2012
- Some proposed Visions for next OWASP Summit
- Why ASP.NET MVC is ‘insecure by design’ , just like Spring MVC (and why SAST can help)
- Starting to use the O2 Spring MVC viewer on ThreadFix
The Leanpub 60 Day 100% Happiness Guarantee
Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.
Now, this is technically risky for us, since you'll have the book or course files either way. But we're so confident in our products and services, and in our authors and readers, that we're happy to offer a full money back guarantee for everything we sell.
You can only find out how good something is by trying it, and because of our 100% money back guarantee there's literally no risk to do so!
So, there's no reason not to click the Add to Cart button, is there?
See full terms...
Earn $8 on a $10 Purchase, and $16 on a $20 Purchase
We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.
(Yes, some authors have already earned much more than that on Leanpub.)
In fact, authors have earnedover $14 millionwriting, publishing and selling on Leanpub.
Learn more about writing on Leanpub
Free Updates. DRM Free.
If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).
Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.
Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.
Learn more about Leanpub's ebook formats and where to read them