Seven deadliest web application attacks
Do you need to keep up with the latest hacks, attacks, and exploits affecting web applications? Then you need Seven Deadliest Web Application Attacks. This book pinpoints the most dangerous hacks and exploits specific to web applications, laying out the anatomy of these attacks including how to make...
Main author: | |
---|---|
Other authors: | |
Format: | Electronic book |
Language: | English |
Published: | Amsterdam ; Boston : Syngress c2010. |
Edition: | 1st edition |
Series: | Syngress seven deadliest attacks series. |
Subjects: | |
View in Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009628310706719 |
Table of Contents:
- Front Cover; Half Title Page; Series Title Page; Title Page; Copyright Page; Table of Contents; About the Authors; Introduction; Chapter 1. Cross-Site Scripting; Understanding HTML Injection; Identifying Points of Injection; Distinguishing Different Delivery Vectors; Handling Character Sets Safely; Not Failing Secure; Avoiding Blacklisted Characters Altogether; Dealing with Browser Quirks; The Unusual Suspects; Employing Countermeasures; Fixing a Static Character Set; Normalizing Character Sets and Encoding; Encoding the Output; Beware of Exclusion Lists and Regexes
- Reuse, Don't Reimplement, Code; JavaScript Sandboxes; Summary; Chapter 2. Cross-Site Request Forgery; Understanding Cross-Site Request Forgery; Request Forgery via Forced Browsing; Attacking Authenticated Actions without Passwords; Dangerous Liaison: CSRF and XSS; Beyond GET; Be Wary of the Tangled Web; Variation on a Theme: Clickjacking; Employing Countermeasures; Defending the Web Application; Defending the Web Browser; Summary; Chapter 3. Structured Query Language Injection; Understanding SQL Injection; Breaking the Query; Vivisecting the Database; Alternate Attack Vectors
- Employing Countermeasures; Validating Input; Securing the Query; Protecting Information; Stay Current with Database Patches; Summary; Chapter 4. Server Misconfiguration and Predictable Pages; Understanding the Attacks; Identifying Insecure Design Patterns; Targeting the Operating System; Attacking the Server; Employing Countermeasures; Restricting File Access; Using Object References; Blacklisting Insecure Functions; Enforcing Authorization; Restricting Network Connections; Summary; Chapter 5. Breaking Authentication Schemes; Understanding Authentication Attacks; Replaying the Session Token
- Brute Force; Sniffing; Resetting Passwords; Cross-Site Scripting; SQL Injection; Gulls and Gullibility; Employing Countermeasures; Protect Session Cookies; Engage the User; Annoy the User; Request Throttling; Logging and Triangulation; Use Alternate Authentication Schemes; Defeating Phishing; Protecting Passwords; Summary; Chapter 6. Logic Attacks; Understanding Logic Attacks; Abusing Workflows; Exploit Policies and Practices; Induction; Denial of Service; Insecure Design Patterns; Information Sieves; Employing Countermeasures; Documenting Requirements; Creating Robust Test Cases
- Mapping Policies to Controls; Defensive Programming; Verifying the Client; Summary; Chapter 7. Web of Distrust; Understanding Malware and Browser Attacks; Malware; Plugging into Browser Plug-ins; Domain Name System and Origins; HTML5; Employing Countermeasures; Safer Browsing; Isolating the Browser; DNS Security Extensions; Summary; Index; Preview Chapter