Re: Info about attack trees

[Daniel Hadfield <dan () pingsweep co uk>]

You can create an XSS with a SQLi

If you can output on the page, you can inject HTML/JS with that variable


On 25/05/2012 09:58, Federico De Meo wrote:
> Hello everybody, I'm new to this maling-list and to security in general.
> I'm here to learn and I'm starting with a question :)
>
> I'm looking for some informations about attack trees usage in web application analysis.
>
> For my master thesis I decided to study the usage of this formalism in order to reppresent attacks to a web 
> applications. 
> I need a lot of use cases from which to start learning common attacks which can help building a proper tree.
>
> > From where can I start?
>
> I've already read the OWASP top 10 vulnerabilities an I'm familiar with XSS, SQLi, ecc. however I've no clue on how 
> to combine them together in order to perform the steps needed to attack a system. I'm looking for some examples and 
> maybe to some famous attacks from which I can understand which steps are performed and how commons vulnerabilities 
> can being combined together. Any help is really appreciated.
>
>
> -------------------
> Federico.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/