Exploiting MVC Model Binding
Free!
Minimum price
$11.00
Suggested price
This book is 60% complete
Last updated on 2014-03-23
About the Book
License
About the Author
Table of Contents
-
1 July 2011
- O2 Script with BlackBox exploits for Spring MVC AutoBinding vulnerabilities in JPetStore
- O2 Script for “Spring MVC JPetStore - Start Servers” (start/stop apache and hsqldb)
- O2 Script: ‘Spring MVC Util - View Controllers’
- Creating an API for JPetStore Browser automation
- Injecting FirebugLite and jQuery into a IE Automation page (JPetStore Example)
- Writing an O2 ‘IE Automation’ Script for JPetStore Account Creation
- Viewing JPetStore Hsqldb database and couple more Autobinding issues
- Finding the JSP views that are mapped to controlers in JPetStore (Spring MVC)
- Visualizing the links in JPetStore (Spring MVC)
- Packaged Spring MVC Security Test Apps: JPetStore and PetClinc
- Simple Viewer to see JSP files (example using Spring MVC SPetStore)
- Util - Java, Jsp and Xml File Search (Example using Spring MVC JPetStore)
- Visualizing Spring MVC Annotations based Controls (and Autobinding PetClinic’s vulnerabilities)
-
2 September 2011
- example of spring mvc controllers
-
3 November 2011
- Fixing one of JPetStore’s AutoBinding Vulnerabilities (changing the purchase price)
-
4 May 2012
- ASP.NET MVC MUSIC STORE
- Order details
- HTTP form post fields using Fiddler
- Checkout controller
- Exploiting Microsoft MVC vulnerabilities using OWASP O2 Platform
-
5 June 2013
- Using ASP.NET MVC 4.0 in TeamMentor (with simple Controller, View and master Layout)
-
6 July 2013
- Can you spot the security implications/vulnerability of a small change to an ASP.NET MVC 3.0+ Model Binder?
- Nice business logic vulnerability and CSRF on the ASP.NET MVC Design Patterns book sample
- Day 1 - made it to Vegas, start of ASP.NET MVC research
- MVC ModelBinding Vulnerability in Contoso University sample (first raw PoC)
-
7 October 2012
- Exploiting Microsoft MVC vulnerabilities using OWASP O2 Platform
- Tool - O2 Cmd SpringMVC v1.0.exe - as standalone exe
- How the Tool - O2 Cmd SpringMVC v1.0.exe was created
-
8 December 2012
- ASP.NET MVC – XSS and AutoBind Vulns in MVC Example app (from 2008)
- ASP.NET Support in SAST and IBM F4F
-
9 January 2013
- OData ASP.NET Web API: An Mass Assignment vulnerability in the making?
- Should Mass Assignment be an OWASP Top 10 Vulnerability?
-
10 September 2008
- ASP.NET MVC – XSS and AutoBind vulns in MVC Example
-
11 September 2009
- Spring MVC 3.0 MVC Binding rules
- Finally … here is how I have been analysing Spring MVC apps using O2
- Reaching out to Spring Developers
- Couple more blog posts on JPetStore and additional Spring MVC Autobinding vulnerabilities
- Visualizing Spring MVC Annotations based Controls (and Autobinding PetClinic’s vulnerabilities)
- Current O2 support for analyzing Spring MVC
- What needs to be done to map Static Analysis Traces from Controllers and Views
-
12 October 2011
- Why doesn’t SAST have better Framework support (for example Spring MVC)?
- What does SAST mean? And where does it come from?
- First Answer to: Why doesn’t SAST have better Framework support (for example Spring MVC)?
- Solution for fixing Spring’s JPetStore AutoBinding vulnerabilities
-
13 April 2012
- Some proposed Visions for next OWASP Summit
- Why ASP.NET MVC is ‘insecure by design’ , just like Spring MVC (and why SAST can help)
- Starting to use the O2 Spring MVC viewer on ThreadFix
The Leanpub 45-day 100% Happiness Guarantee
Within 45 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.
See full terms...
