Summary
In this chapter, we went through some of the exotic attack vectors for web applications. Vectors such as DOM clobbering and RPO are still under research and the impact of these vulnerabilities are yet to be found. IDOR, despite being in the wild in the recent past has emerged as a powerful vulnerability for attacking web applications with poor access controls. I shall refer you to the following resources for further reading:
https://blog.fastmail.com/2015/12/20/sanitising-html-the-dom-clobbering-issue/
http://blog.innerht.ml/rpo-gadgets/
The next chapter will deal with OAuth authorization framework security. OAuth is seen everywhere nowadays so this gives a lot of attack surface. We'll go through some of the techniques to attack web applications which make use of OAuth 2.0.
