Hacking Exposed Web Applications

by Joel Scambray, Mike Shema


Book Description

In today's world of pervasive Internet connectivity and rapidly evolving Web technology, online security is as critical as it is challenging. With the enhanced availability of information and services online and Web-based attacks and break-ins on the rise, security risks are at an all-time high. Hacking Exposed Web Applications shows you, step-by-step, how to defend against the latest Web-based attacks by understanding the hacker's devious methods and thought processes. Discover how intruders gather information, acquire targets, identify weak spots, gain control, and cover their tracks. You'll get in-depth coverage of real-world hacks, both simple and sophisticated, and detailed countermeasures to protect against them.

What you'll learn:
- The proven Hacking Exposed methodology to locate, exploit, and patch vulnerable platforms and applications
- How attackers identify potential weaknesses in Web application components
- What devastating vulnerabilities exist within Web server platforms such as Apache, Microsoft's Internet Information Server (IIS), Netscape Enterprise Server, J2EE, ASP.NET, and more
- How to survey Web applications for potential vulnerabilities, including checking directory structures, helper files, Java classes and applets, HTML comments, forms, and query strings
- Attack methods against authentication and session management features such as cookies, hidden tags, and session identifiers
- Most common input validation attacks: crafted input, command execution characters, and buffer overflows
- Countermeasures for SQL injection attacks such as robust error handling, custom stored procedures, and proper database configuration
- XML Web services vulnerabilities and best practices
- Tools and techniques used to hack Web clients, including cross-site scripting, active content attacks, and cookie manipulation
- Valuable checklists and tips on hardening Web applications and clients based on the authors' consulting experiences

This open book is licensed under an Open Publication License (OPL). You can download the Hacking Exposed Web Applications ebook for free in PDF format (8.6 MB).

Table of Contents

Part I: Reconnaissance
- Chapter 1: Introduction to Web Applications and Security
- Chapter 2: Profiling
- Chapter 3: Hacking Web Servers
- Chapter 4: Surveying the Application

Part II: The Attack
- Chapter 5: Authentication
- Chapter 6: Authorization
- Chapter 7: Attacking Session State Management
- Chapter 8: Input Validation Attacks
- Chapter 9: Attacking Web Datastores
- Chapter 10: Attacking Web Services
- Chapter 11: Hacking Web Application Management
- Chapter 12: Web Client Hacking
- Chapter 13: Case Studies

Part III: Appendixes
- Appendix A: Web Site Security Checklist
- Appendix B: Web Hacking Tools and Techniques Cribsheet
- Appendix C: Using Libwhisker
- Appendix D: UrlScan Installation and Configuration

Book Details

- Subject: Computer Science
- Publisher: McGraw-Hill
- Published: 2002
- Pages: 416
- Edition: 1
- Language: English
- ISBN13 Digital: 9780072224382
- ISBN10 Digital: 007222438X
- PDF Size: 8.6 MB
- License: Open Publication License
