How to attack and defend your website

How to Attack and Defend Your Website is a concise introduction to web security that includes hands-on web hacking tutorials. The book has three primary objectives: to help readers develop a deep understanding of what is happening behind the scenes in a web application, with a focus on the HTTP prot...


Bibliographic Details
Other Authors: Dalziel, Henry (author)
Format: E-book
Language: English
Published: Waltham, Massachusetts : Syngress 2015.
Edition: 1st edition
View at Biblioteca Universitat Ramon Llull: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009629220906719
Table of Contents:
  • Cover
  • Title Page
  • Copyright Page
  • Table of contents
  • Author Biography
  • Contributing Editor Biography
  • Introduction
  • Chapter 1 - Web Technologies
  • 1.1 - Web servers
  • 1.2 - Client-side versus server-side programming languages
  • 1.3 - JavaScript - what is it?
  • 1.4 - What can JavaScript do?
  • 1.5 - What can JavaScript not do?
  • 1.6 - Databases
  • 1.7 - What about HTML?
  • 1.8 - Web technologies - putting it together
  • 1.9 - Digging deeper
  • 1.10 - Hypertext Transfer Protocol (HTTP)
  • 1.11 - Verbs
  • 1.12 - Special characters and encodings
  • 1.13 - Cookies, sessions, and authentication
  • 1.14 - Short exercise: Linux machine setup
  • 1.15 - Using the Burp Suite intercepting proxy
  • 1.16 - Why is the intercepting proxy important?
  • 1.17 - Short exercise - using the Burp Suite decoder
  • 1.18 - Short exercise - getting comfortable with HTTP and Burp Suite
  • 1.18.1 - Solution
  • 1.19 - Understanding the application
  • 1.20 - The Burp Suite site map
  • 1.21 - Discovering content and structures
  • 1.22 - Understanding an application
  • Chapter 2 - Exploitation
  • 2.1 - Bypassing client side controls
  • 2.1.1 - Steps for Bypassing Controls
  • 2.2 - Bypassing client-side controls - example
  • 2.2.1 - Short Exercise: Bypassing Client-Side Control
  • 2.3 - Bypassing client-side controls - exercise solution
  • 2.4 - SQL injection
  • 2.5 - SQL injection
  • 2.6 - Short Exercise: Pwning with SQLMap
  • 2.6.1 - Hack Steps
  • 2.6.2 - Solution: Pwning with SQLMap
  • 2.7 - Cross-site scripting (XSS)
  • 2.8 - Stored cross-site scripting XSS
  • 2.9 - Short exercise: using stored XSS to deface a website
  • 2.9.1 - Solution - Using Stored XSS
  • Chapter 3 - Finding Vulnerabilities
  • 3.1 - The basic process - steps
  • 3.2 - Exercise - finding vulnerabilities.