
E-book: Hacking Web Apps: Detecting and Preventing Web Application Security Problems

3.78/5 (44 ratings by Goodreads)
Author: Mike Shema (Web Application Security Solutions, Qualys, Inc.)
  • Format: PDF+DRM
  • Publication date: 22-Oct-2012
  • Publisher: Syngress Media, U.S.
  • Language: eng
  • ISBN-13: 9781597499569
  • Price: 39,02 €*
  • * this is the final price, i.e. no further discounts apply
  • This e-book is for personal use only. E-books cannot be returned and no refund is given for purchased e-books.

DRM restrictions

  • Copying (copy/paste): not allowed
  • Printing: not allowed
  • Usage: Digital Rights Management (DRM). The publisher supplies this book in encrypted form, so you must install free software to unlock and read it, and you need an Adobe ID. The e-book can be read and downloaded on up to 6 devices (one user with the same Adobe ID).

Required software

To read this e-book on a mobile device (phone or tablet), install the free app PocketBook Reader (iOS / Android).

To download and read this e-book on a PC or Mac you need Adobe Digital Editions (a free application designed specifically for e-books; it is not the same as Adobe Reader, which may already be on your computer).

This e-book cannot be read on an Amazon Kindle.

How can an information security professional keep up with all of the hacks, attacks, and exploits on the Web? One way is to read Hacking Web Apps. The content of this book was selected by author Mike Shema to cover the most vicious attacks out there. Not only does Mike walk you through the anatomy of these attacks, he also tells you how to get rid of these worms, trojans, and botnets and how to defend against them in the future. Countermeasures are detailed so that you can fight similar attacks as they evolve.

Attacks featured in this book include:

  • SQL Injection
  • Cross Site Scripting
  • Logic Attacks
  • Server Misconfigurations
  • Predictable Pages
  • Web of Distrust
  • Breaking Authentication Schemes
  • HTML5 Security Breaches
  • Attacks on Mobile Apps

Even if you don't develop web sites or write HTML, Hacking Web Apps can still help you learn how sites are attacked, as well as the best way to defend against these attacks. Plus, Hacking Web Apps gives you detailed steps to make the web browser, sometimes your last line of defense, more secure.
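As an added illustration of two of the attacks this listing highlights (SQL injection, covered in Chapter 4, and the SQL-injection route into authentication in Chapter 5), the following Python example is mine, not code from the book or from the author: it builds a constructed in-memory SQLite users table, shows a login query that splices user input into the SQL text and is bypassed by two classic payloads, and the parameterized form that the book's "Securing the Statement" section addresses. The table, credentials and payloads are constructed for the demo; passwords are compared in plain text only to keep the example short, which is itself a weakness the book treats separately under "Protecting Passwords".

```python
import sqlite3

# Constructed sample data (assumption: a minimal username/password table).
USERS = [("alice", "correct horse"), ("bob", "hunter2")]


def setup_db():
    """Create an in-memory SQLite database seeded with the constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Deliberately vulnerable: untrusted input is spliced into the SQL text."""
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, username, password):
    """Hardened: placeholders keep the input as data, never as SQL grammar."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def demo():
    """Run both login routines against legitimate and attacker-supplied input."""
    conn = setup_db()
    # Payload 1: close the password literal and append an always-true clause,
    # turning the WHERE into (username='alice' AND password='') OR '1'='1'.
    tautology = "' OR '1'='1"
    # Payload 2: close the username literal and comment out the password check.
    comment_out = "alice' --"
    return {
        "vuln_legit": login_vulnerable(conn, "alice", "correct horse"),
        "vuln_wrong_password": login_vulnerable(conn, "alice", "nope"),
        "vuln_tautology": login_vulnerable(conn, "alice", tautology),
        "vuln_comment": login_vulnerable(conn, comment_out, "anything"),
        "param_legit": login_parameterized(conn, "alice", "correct horse"),
        "param_tautology": login_parameterized(conn, "alice", tautology),
        "param_comment": login_parameterized(conn, comment_out, "anything"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:22s} -> {'logged in' if ok else 'rejected'}")
```

The parameterized version rejects both payloads because the driver hands them to the database as string values; the quote characters never reach the SQL parser. Placeholders only cover values, though: identifiers such as table or column names and ORDER BY targets still have to be validated against an allow list.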

Reviews

"Preventing and fixing vulnerabilities is what this book is really about. The truth is that it's most appropriate for anyone tasked with securing an organisation's website. However, all web developers should be made to read it, whether they consider themselves coders or designers." -- Network Security Newsletter, July 2013

"This book is equally valuable to technical security practitioners and less-technical security leaders alike. I recommend anyone looking to develop their own web applications or defend against modern web application exploitation take advantage of Mike Shema's expertise on this topic." -- Doug Steelman, Chief Information Security Officer, Dell SecureWorks

"Hacking Web Apps by Mike Shema introduces novice security practitioners to the most threatening exploits plaguing modern web applications. The book covers more than the raw concepts, by bringing in other vulnerabilities and showing how the various exploits relate to one another; and it does so in human readable terms." -- Robert Hansen, CEO of Falling Rock Networks and SecTheory Ltd.

Additional information

Know what you are up against - discover what the deadliest web attacks are and how to defend against them!
Table of contents

About the Author (p. v)
Acknowledgements (p. vii)
Introduction (p. xiii)

Chapter 1: HTML5 (p. 1)
  The New Document Object Model (DOM) (p. 2)
  Cross-Origin Resource Sharing (CORS) (p. 3)
  WebSockets (p. 6)
    Transferring Data (p. 10)
    Data Frames (p. 11)
    Security Considerations (p. 13)
  Web Storage (p. 14)
  IndexedDB (p. 16)
  Web Workers (p. 16)
  Flotsam & Jetsam (p. 19)
    History API (p. 19)
    Draft APIs (p. 20)
  Summary (p. 20)

Chapter 2: HTML Injection & Cross-Site Scripting (XSS) (p. 23)
  Understanding HTML Injection (p. 24)
    Identifying Points of Injection (p. 30)
    Identifying the Type of Reflection (p. 37)
    Identifying the Injection's Rendered Context (p. 42)
    Putting the Hack Together (p. 45)
    Abusing Character Sets (p. 48)
    Exploiting Failure Modes (p. 56)
    Bypassing Weak Exclusion Lists (p. 59)
    Leveraging Browser Quirks (p. 60)
    The Unusual Suspects (p. 63)
    The Impact of XSS (p. 66)
  Employing Countermeasures (p. 67)
    Fixing a Static Character Set (p. 68)
    Normalizing Character Sets and Encoding (p. 69)
    Encoding the Output (p. 70)
    Beware of Exclusion Lists and Regexes (p. 71)
    Reuse, Don't Reimplement, Code (p. 73)
    JavaScript Sandboxes (p. 73)
    Browsers' Built-In XSS Defenses (p. 76)
  Summary (p. 78)

Chapter 3: Cross-Site Request Forgery (CSRF) (p. 79)
  Understanding Cross-Site Request Forgery (p. 80)
    The Mechanics of CSRF (p. 83)
    Request Forgery via Forced Browsing (p. 85)
    Attacking Authenticated Actions without Passwords (p. 89)
    Dangerous Liaison: CSRF and HTML Injection (p. 89)
    Be Wary of the Tangled Web (p. 90)
    Variation on a Theme: Clickjacking (p. 91)
  Employing Countermeasures (p. 93)
    Heading in the Right Direction (p. 94)
    Defending the Web Browser (p. 103)
  Vulnerability & Verisimilitude (p. 104)
  Summary (p. 104)

Chapter 4: SQL Injection & Data Store Manipulation (p. 107)
  Understanding SQL Injection (p. 109)
    Hacking Tangents: Mathematical and Grammatical (p. 112)
    Breaking SQL Statements (p. 113)
    Vivisecting the Database (p. 122)
    Alternate Attack Vectors (p. 125)
    Real-World SQL Injection (p. 126)
    HTML5's Web Storage API (p. 127)
    SQL Injection Without SQL (p. 128)
  Employing Countermeasures (p. 130)
    Validating Input (p. 131)
    Securing the Statement (p. 131)
    Protecting Information (p. 137)
    Stay Current with Database Patches (p. 139)
  Summary (p. 140)

Chapter 5: Breaking Authentication Schemes (p. 141)
  Understanding Authentication Attacks (p. 142)
    Replaying the Session Token (p. 142)
    Brute Force (p. 145)
    Sniffing (p. 146)
    Resetting Passwords (p. 149)
    Cross-Site Scripting (XSS) (p. 149)
    SQL Injection (p. 150)
    Gulls & Gullibility (p. 151)
  Employing Countermeasures (p. 152)
    Protect Session Cookies (p. 153)
    Use Secure Authentication Schemes (p. 155)
    Engage the User (p. 163)
    Annoy the User (p. 164)
    Request Throttling (p. 165)
    Logging and Triangulation (p. 166)
    Defeating Phishing (p. 166)
    Protecting Passwords (p. 168)
  Summary (p. 168)

Chapter 6: Abusing Design Deficiencies (p. 171)
  Understanding Logic & Design Attacks (p. 174)
    Abusing Workflows (p. 175)
    Exploiting Policies & Practices (p. 175)
    Induction (p. 180)
    Denial of Service (p. 183)
    Insecure Design Patterns (p. 183)
    Implementation Errors in Cryptography (p. 188)
    Information Sieves (p. 201)
  Employing Countermeasures (p. 202)
    Documenting Requirements (p. 202)
    Creating Robust Test Cases (p. 203)
    Mapping Policies to Controls (p. 204)
    Defensive Programming (p. 205)
    Verifying the Client (p. 205)
    Encryption Guidelines (p. 205)
  Summary (p. 206)

Chapter 7: Leveraging Platform Weaknesses (p. 209)
  Understanding the Attacks (p. 210)
    Recognizing Patterns, Structures, & Developer Quirks (p. 210)
    Targeting the Operating System (p. 225)
    Attacking the Server (p. 230)
    Denial of Service (p. 230)
  Employing Countermeasures (p. 235)
    Restricting File Access (p. 235)
    Using Object References (p. 236)
    Blacklisting Insecure Functions (p. 236)
    Enforcing Authorization (p. 237)
    Restricting Network Connections (p. 237)
  Summary (p. 238)

Chapter 8: Browser & Privacy Attacks (p. 239)
  Understanding Malware and Browser Attacks (p. 240)
    Malware (p. 241)
    Plugging in to Browser Plugins (p. 244)
    DNS and Origins (p. 246)
    HTML5 (p. 247)
    Privacy (p. 249)
  Employing Countermeasures (p. 258)
    Configure SSL/TLS Securely (p. 258)
    Safer Browsing (p. 259)
    Isolating the Browser (p. 260)
    Tor (p. 260)
    DNSSEC (p. 261)
  Summary (p. 261)

Index (p. 263)
About the author

Mike Shema develops web application security solutions at Qualys, Inc. His current work is focused on an automated web assessment service. Mike previously worked as a security consultant and trainer for Foundstone, where he conducted information security assessments across a range of industries and technologies. His security background spans network penetration testing, wireless security, code review, and web security. He is the co-author of Hacking Exposed: Web Applications and The Anti-Hacker Toolkit, and the author of Hack Notes: Web Application Security. In addition to writing, Mike has presented at security conferences in the U.S., Europe, and Asia.