J2EE & Java: Developing Secure Web Applications with Java Technology (Hacking Exposed)
Hacking Exposed Web Applications: Security Secrets and Solutions, Second Edition (Signed Copy)
Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions
Hacking Exposed Web Applications, 3rd Edition
Hacking Exposed Web Applications, 3/E
| # | Section | Contents |
|---|---|---|
| 1. | Hacking Exposed Web Applications, Second Edition | |
| 2. | Back Cover | |
| 3. | About | |
| 4. | Foreword | Acknowledgments |
| 5. | Introduction | Meeting the Web App Security Challenge |
| 6. | How This Book Is Organized | How This Book Is Organized; Modularity, Organization, and Accessibility; The Basic Building Blocks: Attacks and Countermeasures; Other Visual Aids |
| 7. | Online Resources and Tools | Online Resources and Tools |
| 8. | A Final Word to Our Readers | A Final Word to Our Readers |
| 9. | Chapter 1: Hacking Web Apps 101 | What Is Web Application Hacking?; GUI Web Hacking; URI Hacking; Methods, Headers, and Body |
| 10. | Resources | Resources; Authentication, Sessions, and Authorization; The Web Client and HTML; Other Protocols |
| 11. | References and Further Reading | References and Further Reading |
| 12. | Summary | Summary |
| 13. | How Are Web Apps Attacked? | How Are Web Apps Attacked?; The Web Browser; Browser Extensions; HTTP Proxies; Command-Line Tools; Older Tools |
| 14. | Who, When, and Where? | Who, When, and Where?; Weak Spots |
| 15. | Why Attack Web Applications? | Why Attack Web Applications? |
| 16. | Chapter 2: Profiling | Overview |
| 17. | Infrastructure Profiling | Infrastructure Profiling; Footprinting and Scanning: Defining Scope; Basic Banner Grabbing; Advanced HTTP Fingerprinting; Infrastructure Intermediaries |
| 18. | References and Further Reading | References and Further Reading |
| 19. | Summary | Summary |
| 20. | General Countermeasures | General Countermeasures; A Cautionary Note; Protecting Directories; Protecting Include Files; Miscellaneous Tips |
| 21. | Application Profiling | Application Profiling; Manual Inspection; Using Search Tools for Profiling; Automated Web Crawling; Common Web Application Profiles |
| 22. | Chapter 3: Hacking Web Platforms | Overview |
| 23. | Point-and-Click Exploitation Using Metasploit | Point-and-Click Exploitation Using Metasploit |
| 24. | References and Further Reading | References and Further Reading |
| 25. | Summary | Summary |
| 26. | Web Platform Security Best Practices | Web Platform Security Best Practices; Common Best Practices; IIS Hardening; Apache Hardening; PHP Best Practices |
| 27. | Evading Detection | Evading Detection; Log Evasion Using Long URLs; Hiding Requests Using TRACK; IIS Log Evasion Countermeasure |
| 28. | Manual Exploitation | Manual Exploitation; BEA WebLogic Remote Administration Exploit; BEA WebLogic Remote Administration Countermeasure; PEAR/PHP XML-RPC Code Execution; PEAR/PHP XML-RPC Countermeasure; PHP Remote Inclusion; PHP Inclusion Countermeasure; Remote IIS 5.x and IIS 6.0 Server Name Spoof; Remote IIS 5.x and IIS 6.0 Server Name Spoof Countermeasure |
| 29. | Chapter 4: Attacking Web Authentication | CA SiteMinder Account Lockout Denial of Service |
| 30. | Bypassing Authentication | Bypassing Authentication; Token Replay; Countermeasures to Token Replay Attacks; Identity Management; Client-Side Piggybacking |
| 31. | Some Final Thoughts: Identity Theft | Some Final Thoughts: Identity Theft |
| 32. | Summary | Summary |
| 33. | References and Further Reading | References and Further Reading |
| 34. | Chapter 5: Attacking Web Authorization | Overview |
| 35. | Fingerprinting Authz | Fingerprinting Authz; Crawling ACLs; Identifying Access/Session Tokens; Analyzing Session Tokens; Differential Analysis; Role Matrix |
| 36. | Attacking ACLs | Attacking ACLs |
| 37. | Attacking Tokens | Attacking Tokens; Manual Prediction; Use POST for Sensitive Data; Automated Prediction; Capture/Replay; Session Fixation |
| 38. | Authorization Attack Case Studies | Authorization Attack Case Studies; Horizontal Privilege Escalation; Vertical Privilege Escalation; Differential Analysis; Using curl to Map Permissions |
| 39. | Authorization Best Practices | Authorization Best Practices; Web ACL Best Practices; Web Authorization/Session Token Security; Security Logs |
| 40. | Summary | Summary |
| 41. | References and Further Reading | References and Further Reading |
| 42. | Chapter 6: Input Validation Attacks | Overview |
| 43. | Expect the Unexpected | Expect the Unexpected |
| 44. | Where to Find Attack Vectors | Where to Find Attack Vectors |
| 45. | Bypass Client-Side Validation Routines | Bypass Client-Side Validation Routines |
| 46. | Common Input Validation Attacks | Common Input Validation Attacks; Buffer Overflow; Canonicalization (Dot-Dot-Slash); Countermeasures; HTML Injection; Countermeasures; Boundary Checks; Manipulate Application Behavior; SQL Injection and Datastore Attacks; Command Execution; Encoding Abuse; PHP Global Variables; Common Side Effects; Common Countermeasures |
| 47. | Summary | Summary |
| 48. | References and Further Reading | References and Further Reading |
| 49. | Chapter 7: Attacking Web Datastores | Overview |
| 50. | SQL Primer | SQL Primer; Syntax; SELECT; INSERT and UPDATE |
Authors: Scambray J., Shema M., Bhalla N. ISBN: 0071740643. This table of contents for Hacking Exposed Web Applications is presented on flylib.com and is informational only; the book itself should be purchased (for example, on Amazon.com).