Cross MD / Cross | Developer's Guide to Web Application Security

E-book, English, 500 pages, Web PDF

1st edition 2011
ISBN: 978-0-08-050409-4
Publisher: Elsevier Science & Techn.
Format: PDF
Copy protection: 1 - PDF Watermark


Over 75% of network attacks are targeted at the web application layer. This book provides explicit hacks, tutorials, penetration tests, and step-by-step demonstrations for security professionals and Web application developers to defend their most vulnerable applications.

This book defines Web application security, why it should be addressed earlier in the lifecycle in development and quality assurance, and how it differs from other types of Internet security. Additionally, the book examines the procedures and technologies that are essential to developing, penetration testing and releasing a secure Web application. Through a review of recent Web application breaches, the book will expose the prolific methods hackers use to execute Web attacks using common vulnerabilities such as SQL Injection, Cross-Site Scripting and Buffer Overflows in the application layer. By taking an in-depth look at the techniques hackers use to exploit Web applications, readers will be better equipped to protect confidential.

* The Yankee Group estimates the market for Web application-security products and services will grow to $1.74 billion by 2007 from $140 million in 2002

* Author Matt Fisher is a highly sought-after speaker who regularly delivers Web Application presentations at leading conferences including: Black Hat, TechnoSecurity, CanSecWest, ShmooCon, Information Security, RSA Conferences, and more

* The Companion Web site will have downloadable code and scripts presented in the book


Further Information & Material


* Front Cover
* Developer's Guide to Web Application Security
* Copyright Page
* Contents
* Chapter 1. Hacking Methodology
  * Introduction
  * A Brief History of Hacking
  * What Motivates a Hacker?
  * Understanding Current Attack Types
  * Recognizing Web Application Security Threats
  * Preventing Break-Ins by Thinking like a Hacker
  * Summary
  * Solutions Fast Track
  * Frequently Asked Questions
* Chapter 2. How to Avoid Becoming a Code Grinder
  * Introduction
  * What Is a Code Grinder?
  * Thinking Creatively when Coding
  * Security from the Perspective of a Code Grinder
  * Building Functional and Secure Web Applications
  * Summary
  * Solutions Fast Track
  * Frequently Asked Questions
* Chapter 3. Understanding the Risk Associated with Mobile Code
  * Introduction
  * Recognizing the Impact of Mobile Code Attacks
  * Identifying Common Forms of Mobile Code
  * Protecting Your System from Mobile Code Attacks
  * Summary
  * Solutions Fast Track
  * Frequently Asked Questions
* Chapter 4. Vulnerable CGI Scripts
  * Introduction
  * What Is a CGI Script, and What Does It Do?
  * Break-Ins Resulting from Weak CGI Scripts
  * Languages for Writing CGI Scripts
  * Advantages of Using CGI Scripts
  * Rules for Writing Secure CGI Scripts
  * Summary
  * Solutions Fast Track
  * Frequently Asked Questions
* Chapter 5. Hacking Techniques and Tools
  * Introduction
  * A Hacker’s Goals
  * The Five Phases of Hacking
  * Defacing Web Sites
  * Social Engineering
  * The Intentional “Back Door” Attack
  * Exploiting Inherent Weaknesses in Code or Programming Environments
  * The Tools of the Trade
  * Summary
  * Solutions Fast Track
  * Frequently Asked Questions
* Chapter 6. Code Auditing and Reverse Engineering
  * Introduction
  * How to Efficiently Trace through a Program
  * Auditing and Reviewing Selected Programming Languages
  * Looking for Vulnerabilities
  * Pulling It All Together
  * Summary
  * Solutions Fast Track
  * Frequently Asked Questions
* Chapter 7. Securing Your Java Code
  * Introduction
  * Overview of the Java Security Architecture
  * How Java Handles Security
  * Potential Weaknesses in Java
  * Coding Functional but Secure Java Applets
  * Summary
  * Solutions Fast Track
  * Frequently Asked Questions
* Chapter 8. Securing XML
  * Introduction
  * Defining XML
  * Creating Web Applications Using XML
  * The Risks Associated with Using XML
  * Securing XML
  * Summary
  * Solutions Fast Track
  * Frequently Asked Questions
* Chapter 9. Building Safe ActiveX Internet Controls
  * Introduction
  * Dangers Associated with Using ActiveX
  * Methodology for Writing Safe ActiveX Controls
  * Securing ActiveX Controls
  * Summary
  * Solutions Fast Track
  * Frequently Asked Questions
* Chapter 10. Securing ColdFusion
  * Introduction
  * How Does ColdFusion Work?
  * Preserving ColdFusion Security
  * ColdFusion Application Processing
  * Risks Associated with Using ColdFusion
  * Summary
  * Solutions Fast Track
  * Frequently Asked Questions
* Chapter 11. Developing Security-Enabled Applications
  * Introduction
  * The Benefits of Using Security-Enabled Applications
  * Types of Security Used in Applications
  * Reviewing the Basics of PKI
  * Using PKI to Secure Web Applications
  * Implementing PKI in Your Web Infrastructure
  * Testing Your Security Implementation
  * Summary
  * Solutions Fast Track
  * Frequently Asked Questions
* Chapter 12. Cradle to Grave: Working with a Security Plan
  * Introduction
  * Examining Your Code
  * Being Aware of Code Vulnerabilities
  * Using Common Sense when Coding
  * Creating a Security Plan
  * Summary
  * Solutions Fast Track
  * Frequently Asked Questions
* Index


