Hacking Exposed Web Applications
by Joel Scambray, Mike Shema
DescriptionTable of ContentsDetailsHashtagsReport an issue
What you'll learn:
- The proven Hacking Exposed methodology to locate, exploit, and patch vulnerable platforms and applications
- How attackers identify potential weaknesses in Web application components
- What devastating vulnerabilities exist within Web server platforms such as Apache, Microsoft's Internet Information Server (IIS), Netscape Enterprise Server, J2EE, ASP.NET, and more
- How to survey Web applications for potential vulnerabilities -including checking directory structures, helper files, Java classes and applets, HTML comments, forms, and query strings
- Attack methods against authentication and session management features such as cookies, hidden tags, and session identifiers
- Most common input validation attacks-crafted input, command execution characters, and buffer overflows
- Countermeasures for SQL injection attacks such as robust error handling, custom stored procedures, and proper database configuration
- XML Web services vulnerabilities and best practices
- Tools and techniques used to hack Web clients-including cross-site scripting, active content attacks and cookie manipulation
-Valuable checklists and tips on hardening Web applications and clients based on the authors' consulting experiences 
Book Description
In today's world of pervasive Internet connectivity and rapidly evolving Web technology, online security is as critical as it is challenging. With the enhanced availability of information and services online and Web-based attacks and break-ins on the rise, security risks are at an all time high. Hacking Exposed Web Applications shows you, step-by-step, how to defend against the latest Web-based attacks by understanding the hacker's devious methods and thought processes. Discover how intruders gather information, acquire targets, identify weak spots, gain control, and cover their tracks. You'll get in-depth coverage of real-world hacks-both simple and sophisticated-and detailed countermeasures to protect against them.What you'll learn:
- The proven Hacking Exposed methodology to locate, exploit, and patch vulnerable platforms and applications
- How attackers identify potential weaknesses in Web application components
- What devastating vulnerabilities exist within Web server platforms such as Apache, Microsoft's Internet Information Server (IIS), Netscape Enterprise Server, J2EE, ASP.NET, and more
- How to survey Web applications for potential vulnerabilities -including checking directory structures, helper files, Java classes and applets, HTML comments, forms, and query strings
- Attack methods against authentication and session management features such as cookies, hidden tags, and session identifiers
- Most common input validation attacks-crafted input, command execution characters, and buffer overflows
- Countermeasures for SQL injection attacks such as robust error handling, custom stored procedures, and proper database configuration
- XML Web services vulnerabilities and best practices
- Tools and techniques used to hack Web clients-including cross-site scripting, active content attacks and cookie manipulation
-Valuable checklists and tips on hardening Web applications and clients based on the authors' consulting experiences
This open book is licensed under a Open Publication License (OPL). You can download Hacking Exposed Web Applications ebook for free in PDF format (8.6 MB).
Table of Contents
Part I
Reconnaissance
Chapter 1
Introduction to Web Applications and Security
Chapter 2
Profiling
Chapter 3
Hacking Web Servers
Chapter 4
Surveying the Application
Part II
The Attack
Chapter 5
Authentication
Chapter 6
Authorization
Chapter 7
Attacking Session State Management
Chapter 8
Input Validation Attacks
Chapter 9
Attacking Web Datastores
Chapter 10
Attacking Web Services
Chapter 11
Hacking Web Application Management
Chapter 12
Web Client Hacking
Chapter 13
Case Studies
Part III
Appendixes
Appendix A
Web Site Security Checklist
Appendix B
Web Hacking Tools and Techniques Cribsheet
Appendix C
Using Libwhisker
Appendix D
UrlScan Installation and Configuration
Book Details
Title
Hacking Exposed Web Applications
Subject
Computer Science
Publisher
McGraw-Hill
Published
2002
Pages
416
Edition
1
Language
English
ISBN13 Digital
9780072224382
ISBN10 Digital
007222438X
PDF Size
8.6 MB
License
Open Publication License
Related Books
While many resources for network and IT security are available, detailed knowledge regarding modern web application security has been lacking - until now. This practical guide provides both offensive and defensive security concepts that software engineers can easily learn and apply.
Andrew Hoffman, a senior security engineer at Salesforce, intro...
The audience for this guide is mainly developers, development leads, and architects who are interested in building modern web applications using Microsoft technologies and services in the cloud.
A secondary audience is technical decision makers who are already familiar ASP.NET or Azure and are looking for information on whether it makes sense to...
You can cache static assets - more than half the payload needed to respond to many web requests - and even application‑generated web pages (whether partial or complete). And you can use cache clusters and microcaching to increase the caching capability of your web applications while simplifying implementation and reducing operational complexity.
...
Learn how to run your web projects - everything from simple sites to complex applications - without a single server. It's possible with the JAMstack, a modern web development architecture for deploying fast, highly-scalable sites and applications that don't require traditional origin infrastructure. This practical report explains how the ...
Digital accessibility skills are in high demand, as the world becomes more aware of barriers in digital content that prevent some people from participating in a digital society. These are essential skills for web developers, and essential knowledge for organizations that want to ensure their web content is reaching the broadest audience possible.
...
Azure Web Apps is a fully managed platform that you can use to build mission-critical web applications that are highly available, secure, and scalable to global proportions. Combined with first-class tooling from Visual Studio and the Microsoft Azure Tools, the Azure Web Apps service is the fastest way to get your web application to production. Azu...