Exploiting MVC Model Binding
This book is 60% complete
Last updated on 2014-03-23
Table of Contents
1 July 2011
- O2 Script with BlackBox exploits for Spring MVC AutoBinding vulnerabilities in JPetStore
- O2 Script for “Spring MVC JPetStore - Start Servers” (start/stop Apache and HSQLDB)
- O2 Script: ‘Spring MVC Util - View Controllers’
- Creating an API for JPetStore Browser automation
- Injecting FirebugLite and jQuery into an IE Automation page (JPetStore Example)
- Writing an O2 ‘IE Automation’ Script for JPetStore Account Creation
- Viewing the JPetStore HSQLDB database and a couple more Autobinding issues
- Finding the JSP views that are mapped to controllers in JPetStore (Spring MVC)
- Visualizing the links in JPetStore (Spring MVC)
- Packaged Spring MVC Security Test Apps: JPetStore and PetClinic
- Simple Viewer to see JSP files (example using Spring MVC JPetStore)
- Util - Java, JSP and XML File Search (Example using Spring MVC JPetStore)
- Visualizing Spring MVC Annotation-based Controllers (and Autobinding PetClinic’s vulnerabilities)

2 September 2011
- Example of Spring MVC controllers

3 November 2011
- Fixing one of JPetStore’s AutoBinding Vulnerabilities (changing the purchase price)

4 May 2012
- ASP.NET MVC Music Store
- Order details
- HTTP form post fields using Fiddler
- Checkout controller
- Exploiting Microsoft MVC vulnerabilities using OWASP O2 Platform

5 June 2013
- Using ASP.NET MVC 4.0 in TeamMentor (with simple Controller, View and master Layout)

6 July 2013
- Can you spot the security implications/vulnerability of a small change to an ASP.NET MVC 3.0+ Model Binder?
- Nice business logic vulnerability and CSRF on the ASP.NET MVC Design Patterns book sample
- Day 1 - made it to Vegas, start of ASP.NET MVC research
- MVC ModelBinding Vulnerability in Contoso University sample (first raw PoC)

7 October 2012
- Exploiting Microsoft MVC vulnerabilities using OWASP O2 Platform
- Tool - O2 Cmd SpringMVC v1.0.exe - as standalone exe
- How the Tool - O2 Cmd SpringMVC v1.0.exe was created

8 December 2012
- ASP.NET MVC – XSS and AutoBind Vulns in MVC Example app (from 2008)
- ASP.NET Support in SAST and IBM F4F

9 January 2013
- OData ASP.NET Web API: A Mass Assignment vulnerability in the making?
- Should Mass Assignment be an OWASP Top 10 Vulnerability?

10 September 2008
- ASP.NET MVC – XSS and AutoBind vulns in MVC Example

11 September 2009
- Spring MVC 3.0 MVC Binding rules
- Finally … here is how I have been analysing Spring MVC apps using O2
- Reaching out to Spring Developers
- A couple more blog posts on JPetStore and additional Spring MVC Autobinding vulnerabilities
- Visualizing Spring MVC Annotation-based Controllers (and Autobinding PetClinic’s vulnerabilities)
- Current O2 support for analyzing Spring MVC
- What needs to be done to map Static Analysis Traces from Controllers and Views

12 October 2011
- Why doesn’t SAST have better Framework support (for example Spring MVC)?
- What does SAST mean? And where does it come from?
- First Answer to: Why doesn’t SAST have better Framework support (for example Spring MVC)?
- Solution for fixing Spring’s JPetStore AutoBinding vulnerabilities

13 April 2012
- Some proposed Visions for the next OWASP Summit
- Why ASP.NET MVC is ‘insecure by design’, just like Spring MVC (and why SAST can help)
- Starting to use the O2 Spring MVC viewer on ThreadFix