en:cs:web_applications_threats_modeling

Différences

Ci-dessous, les différences entre deux révisions de la page.

Lien vers cette vue comparative

Les deux révisions précédentes Révision précédente
Prochaine révision
Révision précédente
en:cs:web_applications_threats_modeling [2017/02/16 15:02] – [Threats class: A1 injection] fraggleen:cs:web_applications_threats_modeling [2021/12/27 18:25] (Version actuelle) – modification externe 127.0.0.1
Ligne 9: Ligne 9:
  
 Each web applications has a finite set of visibles parameters being in forms, URL parameters, ... called $ \mathcal{P} = \{p_{1},\dots,p_{n}\}, \, n \in \mathbb{N} $.\\ Each web applications has a finite set of visibles parameters being in forms, URL parameters, ... called $ \mathcal{P} = \{p_{1},\dots,p_{n}\}, \, n \in \mathbb{N} $.\\
-All parameters are not typed: the HTTP protocol only transport text.  +All parameters are not typed: the HTTP protocol only transport text. But we might consider the langage associated to each parameters $ p_{i} $ to ease the future data injection.   
        
 We will consider the set $ \mathcal{P} $ in the future.  We will consider the set $ \mathcal{P} $ in the future. 
Ligne 30: Ligne 30:
   * Phase two: determine data pattern to inject   * Phase two: determine data pattern to inject
  
-It will of course not be a blind and random data building like fuzzing, data should be carefully crafted depending on the inputs type and probably location. The building of the set of data patterns is challenging.\\+It will of course not be a blind and random data building like fuzzing, data should be carefully crafted depending on the parameters langage and probably location. The building of the set of data patterns is challenging.\\
 For now, we only know it is finite.  For now, we only know it is finite. 
  
  • en/cs/web_applications_threats_modeling.1487253773.txt.gz
  • Dernière modification : 2021/12/27 18:25
  • (modification externe)