Site Crawler Tool
Acunetix Web Vulnerability Scanner
might reveal information about the logic of the web application and what
information is expected. In the course of a security audit, you might then try
to give the application unexpected information to see how it behaves.
Check all scripts for:
• Input validation code, for example on onclick or onsubmit events. Client-side input validation logic is not secure.
• Any characters that might upset applications.
• Code that writes to or reads from an HTML form field, e.g. getElementById, formname.fieldname.value and so on.
Input Forms Sub-Tab
Screenshot 63: Input Forms page
This sub-tab displays any HTML forms present in the selected file:
• The top window displays the list of all forms.
• The middle window displays the list of fields in the selected form (e.g. buttons and entry fields).
• The bottom window displays the default values for a selected field.
Review this information carefully and see whether the HTML forms
unnecessarily reveal any information about the web application.
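The review described above (inline onclick/onsubmit handlers, form fields and their default values) can also be reproduced outside the scanner when auditing your own pages. The following Python sketch is an added example, not part of the Acunetix manual or product; `SAMPLE_HTML`, `FormInventory`, `inventory` and `review_notes` are hypothetical names, and the sample page is constructed.

```python
from html.parser import HTMLParser

# Constructed sample page for illustration; not taken from the manual.
SAMPLE_HTML = """
<form name="login" action="/login.php" method="post" onsubmit="return checkLogin(this)">
  <input type="text" name="user" maxlength="20">
  <input type="password" name="pass">
  <input type="hidden" name="role" value="guest">
  <input type="submit" value="Sign in" onclick="trimFields(this.form)">
</form>
<form name="search" action="/search.php" method="get">
  <input type="text" name="q" value="">
</form>
"""
FIELD_TAGS = {"input", "select", "textarea", "button"}
HANDLERS = ("onclick", "onsubmit")

class FormInventory(HTMLParser):
    """Collects each form, its fields with default values, and inline handlers."""
    def __init__(self):
        super().__init__()
        self.forms, self.current = [], None

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        handlers = [h for h in HANDLERS if h in a]
        if tag == "form":
            self.current = {"name": a.get("name", ""), "action": a.get("action", ""),
                            "handlers": handlers, "fields": []}
            self.forms.append(self.current)
        elif tag in FIELD_TAGS and self.current is not None:
            self.current["fields"].append({"name": a.get("name", ""), "handlers": handlers,
                                           "type": a.get("type", tag), "default": a.get("value", "")})

    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None  # fields after </form> belong to no form

def inventory(html):
    parser = FormInventory()
    parser.feed(html)
    return parser.forms

def review_notes(forms):
    """Lists what to re-check server-side: client-only handlers, hidden defaults."""
    notes = []
    for form in forms:
        notes += [f"{form['name']}: inline {h} handler runs only in the browser" for h in form["handlers"]]
        for fld in form["fields"]:
            label = f"{form['name']}.{fld['name'] or fld['type']}"
            notes += [f"{label}: inline {h} handler runs only in the browser" for h in fld["handlers"]]
            if fld["type"] == "hidden" and fld["default"]:
                notes.append(f"{label}: hidden field ships default {fld['default']!r}")
    return notes
```

Each note marks a check that must also exist on the server, since anything enforced or pre-filled in the page can be changed before the form is submitted.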