
E-book: Hacking Exposed Web Applications, Third Edition

3.68/5 (139 ratings by Goodreads)
  • Format: 464 pages
  • Publication date: 22-Oct-2010
  • Publisher: Osborne/McGraw-Hill
  • Language: eng
  • ISBN-13: 9780071740425
  • Format: EPUB+DRM
  • Price: 58,61 €*
  • * This is the final price, i.e., no further discounts apply.
  • This e-book is intended for personal use only. E-books cannot be returned, and the purchase price of e-books is not refunded.

DRM restrictions

  • Copying (copy/paste):

    not allowed

  • Printing:

    not allowed

  • Usage:

    Digital Rights Management (DRM)
    The publisher has supplied this book in encrypted form, which means you must install free software to unlock and read it. To read this e-book you need to create an Adobe ID. The e-book can be read and downloaded on up to 6 devices (by one user with the same Adobe ID).

    Required software
    To read this e-book on a mobile device (phone or tablet), you will need to install this free app: PocketBook Reader (iOS / Android)

    To download and read this e-book on a PC or Mac, you need Adobe Digital Editions (a free app designed specifically for e-books; it is not the same as Adobe Reader, which may already be installed on your computer).

    You cannot read this e-book on an Amazon Kindle.

This volume details hacking attacks and defensive solutions for securing web applications against malicious intruders, data thieves, and vandals. It covers the key methods of web hacking, including platform attacks, tampering with authentication and authorization routines, input injection, attacks on XML web services, and hacking web clients, explaining in detail how each exploit is performed and what can be done to stop it. Intended for web developers and beginning network administrators, the volume includes numerous code examples, screen shots, and illustrations, and provides access to additional online content. Each chapter includes attack and countermeasure sections as well as a chapter summary and recommendations for further reading. Scambray, Liu, and Sima are security consultants. Annotation ©2011 Book News, Inc., Portland, OR (booknews.com)

This fully updated bestseller covers the latest web application exploitation techniques and their proven countermeasures

Hacking Exposed: Web Applications, Third Edition shows you how to meet the challenges of online security with the two-pronged "attack-countermeasure" approach. The Third Edition provides leading-edge updates to exploitation techniques, as well as new chapters covering industry-wide threats and countermeasures, such as web application hacking, phishing, and preventative website development practices.

This definitive guide is organized according to the internationally bestselling Hacking Exposed methodology, progressing from reconnaissance of the target through exploitation of common misconfigurations and software flaws. Anecdotes and personal experiences are interspersed throughout to reinforce the relevance and severity of specific vulnerabilities. Based on the author’s many years as a security professional hired to break into the world’s largest IT infrastructures, the techniques presented in this book will improve the security of online business.

Hacking Exposed: Web Applications, Third Edition

  • Covers new web application and phishing techniques as well as best practices in preventing web attacks
  • Includes new case studies and examples based on author’s expertise working with global clients
  • Offers seasoned insight into the core security issues that plague online business platforms of all sizes
  • Provides proven strategies to prevent, detect, and remediate common weaknesses and maintain rock-solid security for the long term

All-inclusive coverage:
Hacking Web Apps 101; Profiling; Hacking Web Platforms; Attacking Web Authentication; Attacking Session Management; Input Injection Attacks; Attacking XML Web Services; Attacking Web Application Development; Hacking Web Clients; Full-Knowledge Analysis; Web Application Security Scanners; Web Site Security Checklist

Review of Previous Edition
“A great addition to an arsenal to find, exploit, and overcome Web security issues. Suitable for developers and analysts alike, it will unveil the myriad of techniques your adversaries may employ.” -- Heather Adkins, Google Security

Contents

Foreword
Acknowledgments
Introduction

1 Hacking Web Apps 101
  • What Is Web Application Hacking?
    • GUI Web Hacking
    • URI Hacking
    • Methods, Headers, and Body
    • Resources
    • Authentication, Sessions, and Authorization
    • The Web Client and HTML
    • Other Protocols
  • Why Attack Web Applications?
    • Who, When, and Where?
    • Weak Spots
  • How Are Web Apps Attacked?
    • The Web Browser
    • Browser Extensions
    • HTTP Proxies
    • Command-line Tools
    • Older Tools
  • Summary
  • References & Further Reading

2 Profiling
  • Infrastructure Profiling
    • Footprinting and Scanning: Defining Scope
    • Basic Banner Grabbing
    • Advanced HTTP Fingerprinting
    • Infrastructure Intermediaries
  • Application Profiling
    • Manual Inspection
    • Search Tools for Profiling
    • Automated Web Crawling
    • Common Web Application Profiles
  • General Countermeasures
    • A Cautionary Note
    • Protecting Directories
    • Protecting include Files
    • Miscellaneous Tips
  • Summary
  • References & Further Reading

3 Hacking Web Platforms
  • Point-and-Click Exploitation Using Metasploit
  • Manual Exploitation
  • Evading Detection
  • Web Platform Security Best Practices
    • Common Best Practices
    • IIS Hardening
    • Apache Hardening
    • PHP Best Practices
  • Summary
  • References & Further Reading

4 Attacking Web Authentication
  • Web Authentication Threats
    • Username/Password Threats
    • Strong(er) Web Authentication
    • Web Authentication Services
  • Bypassing Authentication
    • Token Replay
    • Cross-site Request Forgery
    • Identity Management
    • Client-side Piggybacking
  • Some Final Thoughts: Identity Theft
  • Summary
  • References & Further Reading

5 Attacking Web Authorization
  • Fingerprinting Authz
    • Crawling ACLs
    • Identifying Access Tokens
    • Analyzing Session Tokens
    • Differential Analysis
    • Role Matrix
  • Attacking ACLs
  • Attacking Tokens
    • Manual Prediction
    • Automated Prediction
    • Capture/Replay
    • Session Fixation
  • Authorization Attack Case Studies
    • Horizontal Privilege Escalation
    • Vertical Privilege Escalation
    • Differential Analysis
    • When Encryption Fails
    • Using cURL to Map Permissions
  • Authorization Best Practices
    • Web ACL Best Practices
    • Web Authorization/Session Token Security
    • Security Logs
  • Summary
  • References & Further Reading

6 Input Injection Attacks
  • Expect the Unexpected
  • Where to Find Attack Vectors
  • Bypass Client-Side Validation Routines
  • Common Input Injection Attacks
    • Buffer Overflow
    • Canonicalization (dot-dot-slash)
    • HTML Injection
    • Boundary Checks
    • Manipulate Application Behavior
    • SQL Injection
    • XPATH Injection
    • LDAP Injection
    • Custom Parameter Injection
    • Log Injection
    • Command Execution
    • Encoding Abuse
    • PHP Global Variables
    • Common Side-effects
  • Common Countermeasures
  • Summary
  • References & Further Reading

7 Attacking XML Web Services
  • What Is a Web Service?
    • Transport: SOAP over HTTP(S)
    • WSDL
    • Directory Services: UDDI and DISCO
  • Similarities to Web Application Security
  • Attacking Web Services
  • Web Service Security Basics
  • Summary
  • References & Further Reading

8 Attacking Web Application Management
  • Remote Server Management
    • Telnet
    • SSH
    • Proprietary Management Ports
    • Other Administration Services
  • Web Content Management
    • FTP
    • SSH/scp
    • FrontPage
    • WebDAV
  • Misconfigurations
    • Unnecessary Web Server Extensions
    • Information Leakage Misconfigurations
    • State Management Misconfiguration
  • Summary
  • References & Further Reading

9 Hacking Web Clients
  • Exploits
    • Web Client Implementation Vulnerabilities
  • Trickery
  • General Countermeasures
    • Low-privilege Browsing
    • Firefox Security Extensions
    • ActiveX Countermeasures
    • Server-side Countermeasures
  • Summary
  • References & Further Reading

10 The Enterprise Web Application Security Program
  • Threat Modeling
    • Clarify Security Objectives
    • Identify Assets
    • Architecture Overview
    • Decompose the Application
    • Identify and Document Threats
    • Rank the Threats
    • Develop Threat Mitigation Strategies
  • Code Review
    • Manual Source Code Review
    • Automated Source Code Review
    • Binary Analysis
  • Security Testing of Web App Code
    • Fuzzing
    • Test Tools, Utilities, and Harnesses
    • Pen-testing
  • Security in the Web Development Process
    • People
    • Process
    • Technology
  • Summary
  • References & Further Reading

A Web Application Security Checklist
B Web Hacking Tools and Techniques Cribsheet
Index

Joel Scambray, CISSP, is Managing Principal with Cigital as well as Co-Founder of Consciere LLC. He was previously chief strategy officer for Leviathan Security Group. He has assisted companies ranging from newly minted startups to members of the Fortune 50 in addressing information security challenges and opportunities for over a dozen years. Joel's background includes roles as an executive, technical consultant, and entrepreneur. He was a senior director at Microsoft Corporation, where he led Microsoft's online services security efforts for three years before joining the Windows platform and services division to focus on security technology architecture. Joel also co-founded security software and services startup Foundstone, Inc. He has also held positions as a Manager for Ernst & Young, Chief Strategy Officer for Leviathan, security columnist for Microsoft TechNet, Editor at Large for InfoWorld Magazine, and director of IT for a major commercial real estate firm. Joel has spoken widely on information security at forums including Black Hat, I-4, and The Asia Europe Meeting (ASEM), as well as organizations including CERT, CSI, ISSA, ISACA, SANS, private corporations, and government agencies such as the Korean Information Security Agency (KISA), FBI, and the RCMP. Joel Scambray is the co-author of all 6 editions of Hacking Exposed. He is also the lead author of Hacking Exposed Windows and Hacking Exposed Web Applications.

Caleb Sima is the co-founder and CTO of SPI Dynamics, a web application security products company, and has more than 12 years of security experience. His pioneering efforts and expertise in web security have helped define the direction the web application security industry has taken. Caleb is a frequent speaker and expert resource for the press on Internet attacks and has been featured in the Associated Press. He is also a contributing author to various magazines and online columns. Caleb is a member of ISSA and is one of the founding visionaries of the Application Vulnerability Description Language (AVDL) standard within OASIS, as well as a founding member of the Web Application Security Consortium (WASC).