Web Application Defender's Cookbook: Battling Hackers and Protecting Users
Defending your web applications against hackers and attackers. The top-selling book Web Application Hacker's Handbook showed how attackers identify and attack vulnerable live web applications. This new Web Application Defender's Cookbook is the perfect counterpoint to that boo...
Main author: | |
---|---|
Format: | Electronic book |
Language: | English |
Published: | Indianapolis, Ind. : Wiley Pub., Inc, 2013. |
Edition: | 1st ed. |
Subjects: | |
View in the Universitat Ramon Llull library: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009628851806719 |
Table of Contents:
- Web Application Defender's Cookbook: Battling Hackers and Protecting Users
- Foreword
- Introduction
- Part I: Preparing the Battle Space
  - Chapter 1: Application Fortification
    - Recipe 1-1: Real-time Application Profiling
    - Recipe 1-2: Preventing Data Manipulation with Cryptographic Hash Tokens
    - Recipe 1-3: Installing the OWASP ModSecurity Core Rule Set (CRS)
    - Recipe 1-4: Integrating Intrusion Detection System Signatures
    - Recipe 1-5: Using Bayesian Attack Payload Detection
    - Recipe 1-6: Enable Full HTTP Audit Logging
    - Recipe 1-7: Logging Only Relevant Transactions
    - Recipe 1-8: Ignoring Requests for Static Content
    - Recipe 1-9: Obscuring Sensitive Data in Logs
    - Recipe 1-10: Sending Alerts to a Central Log Host Using Syslog
    - Recipe 1-11: Using the ModSecurity AuditConsole
  - Chapter 2: Vulnerability Identification and Remediation
    - Recipe 2-1: Passive Vulnerability Identification
    - Recipe 2-2: Active Vulnerability Identification
    - Recipe 2-3: Manual Scan Result Conversion
    - Recipe 2-4: Automated Scan Result Conversion
    - Recipe 2-5: Real-time Resource Assessments and Virtual Patching
  - Chapter 3: Poisoned Pawns (Hacker Traps)
    - Recipe 3-1: Adding Honeypot Ports
    - Recipe 3-2: Adding Fake robots.txt Disallow Entries
    - Recipe 3-3: Adding Fake HTML Comments
    - Recipe 3-4: Adding Fake Hidden Form Fields
    - Recipe 3-5: Adding Fake Cookies
- Part II: Asymmetric Warfare
  - Chapter 4: Reputation and Third-Party Correlation
    - Recipe 4-1: Analyzing the Client's Geographic Location Data
    - Recipe 4-2: Identifying Suspicious Open Proxy Usage
    - Recipe 4-3: Utilizing Real-time Blacklist Lookups (RBL)
    - Recipe 4-4: Running Your Own RBL
    - Recipe 4-5: Detecting Malicious Links
  - Chapter 5: Request Data Analysis
    - Recipe 5-1: Request Body Access
    - Recipe 5-2: Identifying Malformed Request Bodies
    - Recipe 5-3: Normalizing Unicode
    - Recipe 5-4: Identifying Use of Multiple Encodings
    - Recipe 5-5: Identifying Encoding Anomalies
    - Recipe 5-6: Detecting Request Method Anomalies
    - Recipe 5-7: Detecting Invalid URI Data
    - Recipe 5-8: Detecting Request Header Anomalies
    - Recipe 5-9: Detecting Additional Parameters
    - Recipe 5-10: Detecting Missing Parameters
    - Recipe 5-11: Detecting Duplicate Parameter Names
    - Recipe 5-12: Detecting Parameter Payload Size Anomalies
    - Recipe 5-13: Detecting Parameter Character Class Anomalies
  - Chapter 6: Response Data Analysis
    - Recipe 6-1: Detecting Response Header Anomalies
    - Recipe 6-2: Detecting Response Header Information Leakages
    - Recipe 6-3: Response Body Access
    - Recipe 6-4: Detecting Page Title Changes
    - Recipe 6-5: Detecting Page Size Deviations
    - Recipe 6-6: Detecting Dynamic Content Changes
    - Recipe 6-7: Detecting Source Code Leakages
    - Recipe 6-8: Detecting Technical Data Leakages
    - Recipe 6-9: Detecting Abnormal Response Time Intervals
    - Recipe 6-10: Detecting Sensitive User Data Leakages
    - Caution
    - Recipe 6-11: Detecting Trojan, Backdoor, and Webshell Access Attempts
  - Chapter 7: Defending Authentication