| 1. Hacker Web Exploitation Uncovered |
| 2. Back Cover | Back Cover |
| 3. About |
| 4. Introduction | Overview |
| 5. To the Reader | To the Reader |
| 6. Chapter 1: The Internet Is a Hostile Environment | Overview; Dynamics; Causes; Holes; Stable Systems; Filtration; When Filtration Is Insufficient; The Main Principles of Secure Programming |
| 7. Chapter 2: Vulnerabilities in Scripts | Data-Sending Methods; The HTTP GET Method; The HTTP POST Method; Combining the GET and POST Methods; COOKIE Parameters; Hidden Fields; Simulating an HTTP Session; Changing the Sent Data |
| 8. Vulnerabilities Specific to PHP Scripts | Vulnerabilities Specific to PHP Scripts; PHP Source Code Injection; Protection; The Lack of Variable Initialization; Errors in Included Files; Errors When Uploading Files |
| 9. Errors Specific to Perl Scripts | Errors Specific to Perl Scripts; An Internal Server Error; Creating a Process in the open() Function; Injecting Perl Source Code; Executing and Viewing Included Files |
| 10. Errors Not Specific to a Particular Programming Language | Errors Not Specific to a Particular Programming Language; File Output Mistakes; Embedding Code into the system() Function; File Uploading Errors; The Referer and X-FORWARDED-FOR Header Fields; Disclosing Other Information |
| 11. Chapter 3: SQL Injection | Overview |
| 12. Looking for Vulnerabilities | Looking for Vulnerabilities; When Error Messages Are Enabled; When Error Messages Are Disabled |
| 13. Investigating Queries | Investigating Queries; The Type of Query; Apostrophes and Quotation Marks in a Query; An Example |
| 14. MySQL | MySQL; MySQL Versions; Access Differentiation in MySQL; Detecting MySQL; MySQL 4.x and Stolen Data; MySQL 3.x and Stolen Data; MySQL and Files; Solving Problems; Denial-of-Service Attack and MySQL Injection |
| 15. Other Types of Database Servers | Other Types of Database Servers; PostgreSQL; MsSQL; Oracle |
| 16. Conclusion | Conclusion |
| 17. Chapter 4: Secure Authorization and Authentication | Overview |
| 18. Logging In | Logging In; A Long URL; Authentication on the Client; Solitary Password; Login and Password |
| 19. Subsequent Authentication | Subsequent Authentication; COOKIE Parameters; Sessions |
| 20. HTTP Basic Authentication | HTTP Basic Authentication |
| 21. HTTPS | HTTPS |
| 22. Methods for Strengthening Protection | Methods for Strengthening Protection; Limitation by an IP Address |
| 23. Recovery of a Password | Recovery of a Password |
| 24. Well-Designed Protection | Well-Designed Protection |
| 25. Conclusion | Conclusion |
| 26. Chapter 5: XSS and Stolen Cookies | Overview |
| 27. Basics | Basics |
| 28. The Danger of the Vulnerability | The Danger of the Vulnerability |
| 29. Changing the Appearance of HTML Pages | Changing the Appearance of HTML Pages |
| 30. Sending Data with JavaScript | Sending Data with JavaScript |
| 31. Solving Problems | Solving Problems |
| 32. Obtaining Users' Cookies | Obtaining Users' Cookies |
| 33. Collecting Statistics | Collecting Statistics |
| 34. Performing Concealed Actions on Behalf of the Administrator | Performing Concealed Actions on Behalf of the Administrator |
| 35. Fixing a Session | Fixing a Session |
| 36. An Event-Processing Vulnerability | An Event-Processing Vulnerability |
| 37. Embedding JavaScript Code into the Address Line | Embedding JavaScript Code into the Address Line |
| 38. Avoiding the XSS Vulnerability | Avoiding the XSS Vulnerability |
| 39. Chapter 6: The Myth about Secure Configuration | Overview |
| 40. Secure PHP Settings | Secure PHP Settings; Accessing Remote Files; Displaying and Reporting Errors; Magic Quotes; Global Variables; Exposing PHP; Other Configuration Directives; The Safe Mode |
| 41. The Apache mod_security Module | The Apache mod_security Module |
| 42. Methods for Passive Analysis and Circumvention | Methods for Passive Analysis and Circumvention; Examining HTML Code; Reading Hidden Fields and JavaScript Code |
| 43. HTML Restrictions | HTML Restrictions |
| 44. Log Files and Detecting the Attacker | Log Files and Detecting the Attacker |
| 45. Conclusion | Conclusion |
| 46. Chapter 7: Shared Hosting and Security Issues | Overview |
| 47. Accessing System Owners' Files | Accessing System Owners' Files |
| 48. Files and the Web Server | Files and the Web Server |
| 49. Hosting and Databases | Hosting and Databases |
| 50. The Problem with Disclosed Code | The Problem with Disclosed Code |
Authors: Nizamutdinov M.