J2EE & Java: Developing Secure Web Applications with Java Technology (Hacking Exposed)
|
Hacking Exposed Web Applications Security Secrets and Solutions Second Edition (Signed Copy)
|
Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions
|
HACKING EXPOSED WEB APPLICATIONS 3rd Edition
|
HACKING EXPOSED WEB APPLICATIONS 3/E
|
Hacking Exposed Web Applications
Table of content
-
1. Hacking Exposed Web Applications, Second Edition -
2. Back Cover -
3. About -
4. Foreword Acknowledgments
-
5. Introduction Meeting The Web APP Security Challenge
-
6. How This Book Is Organized How This Book Is Organized
Modularity
Organization
and Accessibility
The Basic Building Blocks: Attacks and Countermeasures
Other Visual Aids
-
7. Online Resources And Tools Online Resources And Tools
-
8. A Final Word To Our Readers A Final Word To Our Readers
-
9. Chapter 1: Hacking Web Apps 101 What Is Web Application Hacking?
GUI Web Hacking
URI Hacking
Methods
Headers
And Body
-
10. Resources Resources
Authentication
Sessions
And Authorization
The Web Client And HTML
Other Protocols
-
11. References And Further Reading References And Further Reading
-
12. Summary Summary
-
13. How Are Web APPS Attacked? How Are Web APPS Attacked?
The Web Browser
Browser Extensions
HTTP Proxies
Command-Line Tools
Older Tools
-
14. Who, When, And Where? Who
When
And Where?
Weak Spots
-
15. Why Attack Web Applications? Why Attack Web Applications?
-
16. Chapter 2: Profiling Overview
-
17. Infrastructure Profiling Infrastructure Profiling
Footprinting And Scanning: Defining Scope
Basic Banner Grabbing
Advanced Http Fingerprinting
Infrastructure Intermediaries
-
18. References And Further Reading References And Further Reading
-
19. Summary Summary
-
20. General Countermeasures General Countermeasures
A Cautionary Note
Protecting Directories
Protecting Include Files
Miscellaneous Tips
-
21. Application Profiling Application Profiling
Manual Inspection
Using Search Tools For Profiling
Automated Web Crawling
Common Web Application Profiles
-
22. Chapter 3: Hacking Web Platforms Overview
-
23. Point-And-Click Exploitation Using Metasploit Point-And-Click Exploitation Using Metasploit
-
24. References And Further Reading References And Further Reading
-
25. Summary Summary
-
26. Web Platform Security Best Practices Web Platform Security Best Practices
Common Best Practices
IIS Hardening
Apache Hardening
Php Best Practices
-
27. Evading Detection Evading Detection
Log Evasion Using Long URLs
Hiding Requests Using TRACK
IIS Log Evasion Countermeasure
-
28. Manual Exploitation Manual Exploitation
BEA WebLogic Remote Administration Exploit
BEA WebLogic Remote Administration Countermeasure
PEARPHP XML-RPC Code Execution
PEARPHP XML-RPC Countermeasure
PHP Remote Inclusion
PHP Inclusion Countermeasure
Remote IIS 5.x and IIS 6.0 Server Name Spoof
Remote IIS 5.x and IIS 6.0 Server Name Spoof Countermeasure
-
29. Chapter 4: Web Authentication Attacking ca siteminder account lockout denial of service
-
30. Bypassing Authentication Bypassing Authentication
Token Replay
Countermeasures to Token Replay Attacks
Identity Management
Client-Side Piggybacking
-
31. Some Final Thoughts: Identity Theft Some Final Thoughts: Identity Theft
-
32. Summary Summary
-
33. References And Further Reading References And Further Reading
-
34. Chapter 5: Attacking Web Authorization Overview
-
35. Fingerprinting Authz Fingerprinting Authz
Crawling Acls
Identifying AccessSession Tokens
Analyzing Session Tokens
Differential Analysis
Role Matrix
-
36. Attacking Acls Attacking Acls
-
37. Attacking Tokens Attacking Tokens
Manual Prediction
Use POST for Sensitive Data
Automated Prediction
CaptureReplay
Session Fixation
-
38. Authorization Attack Case Studies Authorization Attack Case Studies
Horizontal Privilege Escalation
Vertical Privilege Escalation
Differential Analysis
Using Curl To Map Permissions
-
39. Authorization Best Practices Authorization Best Practices
Web Acl Best Practices
Web AuthorizationSession Token Security
Security Logs
-
40. Summary Summary
-
41. References And Further Reading References And Further Reading
-
42. Chapter 6: Input Validation Attacks Overview
-
43. Expect The Unexpected Expect The Unexpected
-
44. Where To Find Attack Vectors Where To Find Attack Vectors
-
45. Bypass Client-Side Validation Routines Bypass Client-Side Validation Routines
-
46. Common Input Validation Attacks Common Input Validation Attacks
Buffer Overflow
Canonicalization (Dot-Dot-Slash)
Countermeasures
Html Injection
Countermeasures
Boundary Checks
Manipulate Application Behavior
SQL Injection And Datastore Attacks
Command Execution
Encoding Abuse
Php Global Variables
Common Side-Effects
Common Countermeasures
-
47. Summary Summary
-
48. References And Further Reading References And Further Reading
-
49. Chapter 7: Attacking Web Datastores Overview
-
50. SQL Primer SQL Primer
Syntax
SELECT
INSERT
And UPDATE
|
|
Authors: Scambray J. Shema M. Bhalla N. ISBN: 0071740643 Current page: 1 from 127 This Book reviews are presented on flylib.comOur library present to you materials from book Hacking Exposed Web Applications. Warning! The page Table of content from this book is informational only! Do not print out this page! Do NOT SUBMIT this page as part of your website or work without confirmation from the authors. You can read the contents of the book, but we strongly recommend that you purchase. or example, you can Buy this book on Amazon.com |
- Authors:
- Scambray J.
- Shema M.
- Bhalla N.
- Keys:
- references
- security
- application
- attack
- hacking
- tools
- general
- review
| Buy on Amazon | ||||
|
J2EE & Java: Developing Secure Web Applications with Java Technology (Hacking Exposed)
|
Hacking Exposed Web Applications Security Secrets and Solutions Second Edition (Signed Copy)
|
Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions
|
HACKING EXPOSED WEB APPLICATIONS 3rd Edition
|
HACKING EXPOSED WEB APPLICATIONS 3/E
|
Privacy Policy