  • 1
    Online Resource
    Amsterdam ; : Syngress,
    UID:
    almahu_9948025917402882
    Format: 1 online resource (187 p.)
    Edition: 1st edition
    ISBN: 1-282-54173-0 , 9786612541735 , 1-59749-544-1
    Series Statement: Syngress seven deadliest attacks series
    Content: Do you need to keep up with the latest hacks, attacks, and exploits affecting web applications? Then you need Seven Deadliest Web Application Attacks. This book pinpoints the most dangerous hacks and exploits specific to web applications, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Attacks detailed in this book include: Cross-Site Scripting (XSS); Cross-Site Reque
    Note: Includes index. Front Cover; Half Title Page; Series Title Page; Title Page; Copyright Page; Table of Contents; About the Authors; Introduction; Chapter 1. Cross-Site Scripting; Understanding HTML Injection; Identifying Points of Injection; Distinguishing Different Delivery Vectors; Handling Character Sets Safely; Not Failing Secure; Avoiding Blacklisted Characters Altogether; Dealing with Browser Quirks; The Unusual Suspects; Employing Countermeasures; Fixing a Static Character Set; Normalizing Character Sets and Encoding; Encoding the Output; Beware of Exclusion Lists and Regexes; Reuse, Don't Reimplement, Code; JavaScript Sandboxes; Summary; Chapter 2. Cross-Site Request Forgery; Understanding Cross-Site Request Forgery; Request Forgery via Forced Browsing; Attacking Authenticated Actions without Passwords; Dangerous Liaison: CSRF and XSS; Beyond GET; Be Wary of the Tangled Web; Variation on a Theme: Clickjacking; Employing Countermeasures; Defending the Web Application; Defending the Web Browser; Summary; Chapter 3. Structured Query Language Injection; Understanding SQL Injection; Breaking the Query; Vivisecting the Database; Alternate Attack Vectors; Employing Countermeasures; Validating Input; Securing the Query; Protecting Information; Stay Current with Database Patches; Summary; Chapter 4. Server Misconfiguration and Predictable Pages; Understanding the Attacks; Identifying Insecure Design Patterns; Targeting the Operating System; Attacking the Server; Employing Countermeasures; Restricting File Access; Using Object References; Blacklisting Insecure Functions; Enforcing Authorization; Restricting Network Connections; Summary; Chapter 5. Breaking Authentication Schemes; Understanding Authentication Attacks; Replaying the Session Token; Brute Force; Sniffing; Resetting Passwords; Cross-Site Scripting; SQL Injection; Gulls and Gullibility; Employing Countermeasures; Protect Session Cookies; Engage the User; Annoy the User; Request Throttling; Logging and Triangulation; Use Alternate Authentication Schemes; Defeating Phishing; Protecting Passwords; Summary; Chapter 6. Logic Attacks; Understanding Logic Attacks; Abusing Workflows; Exploit Policies and Practices; Induction; Denial of Service; Insecure Design Patterns; Information Sieves; Employing Countermeasures; Documenting Requirements; Creating Robust Test Cases; Mapping Policies to Controls; Defensive Programming; Verifying the Client; Summary; Chapter 7. Web of Distrust; Understanding Malware and Browser Attacks; Malware; Plugging into Browser Plug-ins; Domain Name System and Origins; HTML5; Employing Countermeasures; Safer Browsing; Isolating the Browser; DNS Security Extensions; Summary; Index; Preview Chapter. English
    Additional Edition: ISBN 1-59749-543-3
    Language: English