
Seven deadliest web application attacks / Mike Shema; technical editor, Adam Ely.

O'Reilly Online Learning: Academic/Public Library Edition Available online

Format:
Book
Author/Creator:
Shema, Mike.
Contributor:
Ely, Adam.
Series:
Syngress seven deadliest attacks series.
Language:
English
Subjects (All):
Malware (Computer software)--Prevention.
Malware (Computer software).
Web sites--Security measures.
Web sites.
Computer networks--Security measures.
Computer networks.
Computer crimes--Prevention.
Computer crimes.
Physical Description:
1 online resource (187 p.)
Edition:
1st edition
Place of Publication:
Amsterdam ; Boston : Syngress, c2010.
Language Note:
English
System Details:
text file
Summary:
Do you need to keep up with the latest hacks, attacks, and exploits affecting web applications? Then you need Seven Deadliest Web Application Attacks. This book pinpoints the most dangerous hacks and exploits specific to web applications, laying out the anatomy of each attack, including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Attacks detailed in this book include: Cross-Site Scripting (XSS); Cross-Site Reque
Contents:
Front Cover; Half Title Page; Series Title Page; Title Page; Copyright Page; Table of Contents; About the Authors; Introduction
Chapter 1. Cross-Site Scripting: Understanding HTML Injection; Identifying Points of Injection; Distinguishing Different Delivery Vectors; Handling Character Sets Safely; Not Failing Secure; Avoiding Blacklisted Characters Altogether; Dealing with Browser Quirks; The Unusual Suspects; Employing Countermeasures; Fixing a Static Character Set; Normalizing Character Sets and Encoding; Encoding the Output; Beware of Exclusion Lists and Regexes; Reuse, Don't Reimplement, Code; JavaScript Sandboxes; Summary
Chapter 2. Cross-Site Request Forgery: Understanding Cross-Site Request Forgery; Request Forgery via Forced Browsing; Attacking Authenticated Actions without Passwords; Dangerous Liaison: CSRF and XSS; Beyond GET; Be Wary of the Tangled Web; Variation on a Theme: Clickjacking; Employing Countermeasures; Defending the Web Application; Defending the Web Browser; Summary
Chapter 3. Structured Query Language Injection: Understanding SQL Injection; Breaking the Query; Vivisecting the Database; Alternate Attack Vectors; Employing Countermeasures; Validating Input; Securing the Query; Protecting Information; Stay Current with Database Patches; Summary
Chapter 4. Server Misconfiguration and Predictable Pages: Understanding the Attacks; Identifying Insecure Design Patterns; Targeting the Operating System; Attacking the Server; Employing Countermeasures; Restricting File Access; Using Object References; Blacklisting Insecure Functions; Enforcing Authorization; Restricting Network Connections; Summary
Chapter 5. Breaking Authentication Schemes: Understanding Authentication Attacks; Replaying the Session Token; Brute Force; Sniffing; Resetting Passwords; Cross-Site Scripting; SQL Injection; Gulls and Gullibility; Employing Countermeasures; Protect Session Cookies; Engage the User; Annoy the User; Request Throttling; Logging and Triangulation; Use Alternate Authentication Schemes; Defeating Phishing; Protecting Passwords; Summary
Chapter 6. Logic Attacks: Understanding Logic Attacks; Abusing Workflows; Exploit Policies and Practices; Induction; Denial of Service; Insecure Design Patterns; Information Sieves; Employing Countermeasures; Documenting Requirements; Creating Robust Test Cases; Mapping Policies to Controls; Defensive Programming; Verifying the Client; Summary
Chapter 7. Web of Distrust: Understanding Malware and Browser Attacks; Malware; Plugging into Browser Plug-ins; Domain Name System and Origins; HTML5; Employing Countermeasures; Safer Browsing; Isolating the Browser; DNS Security Extensions; Summary
Index; Preview Chapter
Notes:
Includes index.
Includes bibliographical references and index.
ISBN:
9786612541735
9781282541733
1282541730
9781597495448
1597495441
OCLC:
635293691
