Web application vulnerabilities : detect, exploit, prevent / Michael Cross ... [et al.].
- Format:
- Book
- Language:
- English
- Subjects (All):
- Application software--Security measures.
- Application software.
- Computer security.
- Physical Description:
- 1 online resource (476 p.)
- Edition:
- 1st edition
- Place of Publication:
- Burlington, MA : Syngress Pub., c2007.
- Language Note:
- English
- System Details:
- text file
- Summary:
- This book is about Web application hacking. The world-renowned authors teach the reader to use publicly available tools to conduct thorough assessments of web applications. This assessment process gives the reader an understanding of Web application vulnerabilities and how they are exploited. The book goes on to teach the reader to detect, exploit, and ultimately prevent these vulnerabilities. Next, the authors cover advanced techniques for exploiting vulnerabilities such as SQL injection, arbitrary command injection, and more. Learn to defend Web-based applications developed wi
- Contents:
- Front Cover; Web Application Vulnerabilities Detect, Exploit, Prevent; Copyright Page; Contributing Authors; Contents
- Chapter 1: Introduction to Web Application Hacking; Introduction; Web Application Architecture Components; The Web Server; The Application Content; The Data Store; Complex Web Application Software Components; Login; Session Tracking Mechanism; User Permissions Enforcement; Role Level Enforcement; Data Access; Application Logic; Logout; Putting it all Together; The Web Application Hacking Methodology; Define the Scope of the Engagement; Before Beginning the Actual Assessment; Open Source Intelligence Scanning; Default Material Scanning; Base Line the Application; Fuzzing; Exploiting/Validating Vulnerabilities; Reporting; The History of Web Application Hacking and the Evolution of Tools; Example 1: Manipulating the URL Directly (GET Method Form Submittal); Example 2: The POST Method; Example 3: Man in the Middle Sockets; The Graphical User Interface Man in the Middle Proxy; Common (or Known) Vulnerability Scanners; Spiders and other Crawlers; Automated Fuzzers; All in One and Multi Function Tools; OWASP's WebScarab Demonstration; Starting WebScarab; Next: Create a new session; Next: Ensure the Proxy Service is Listening; Next, Configure Your Web Browser; Next, Configure WebScarab to Intercept Requests; Next, Bring up the Summary Tab; Web Application Hacking Tool List; Security E-Mail Lists; Summary
- Chapter 2: Information Gathering Techniques; Introduction; The Principles of Automating Searches; The Original Search Term; Expanding Search Terms; E-mail Addresses; Telephone Numbers; People; Getting Lots of Results; More Combinations; Using "Special" Operators; Getting the Data From the Source; Scraping it Yourself - Requesting and Receiving Responses; Scraping it Yourself - The Butcher Shop; Dapper; Aura/EvilAPI; Using Other Search Engines; Parsing the Data; Parsing E-mail Addresses; Domains and Sub-domains; Telephone Numbers; Post Processing; Sorting Results by Relevance; Beyond Snippets; Presenting Results; Applications of Data Mining; Mildly Amusing; Most Interesting; Taking It One Step Further; Collecting Search Terms; On the Web; Spying on Your Own; Search Terms; Gmail; Honey Words; Referrals; Summary
- Chapter 3: Introduction to Server Side Input Validation Issues; Introduction; Cross Site Scripting (XSS); Presenting False Information; How this Example Works; Presenting a False Form; Exploiting Browser Based Vulnerabilities; Exploit Client/Server Trust Relationships
- Chapter 4: Client-Side Exploit Frameworks; Introduction; AttackAPI; Enumerating the Client; Attacking Networks; Hijacking the Browser; Controlling Zombies; BeEF; Installing and Configuring BeEF; Controlling Zombies; BeEF Modules; Standard Browser Exploits; Port Scanning with BeEF; Inter-protocol Exploitation and Communication with BeEF; CAL9000; XSS Attacks, Cheat Sheets, and Checklists; Encoder, Decoders, and Miscellaneous Tools
- Notes:
- Includes index.
- ISBN:
- 9786611112691
- 9781281112699
- 1281112690
- 9780080556642
- 0080556647
- OCLC:
- 476126432