Mike Shema - Hacking Web Apps: Detecting and Preventing Web Application Security Problems

Year: 2012. Publisher: Syngress. Genre: Computer.


  • Book:
    Hacking Web Apps: Detecting and Preventing Web Application Security Problems
  • Author:
    Mike Shema
  • Publisher:
    Syngress
  • Genre:
    Computer
  • Year:
    2012

Hacking Web Apps: Detecting and Preventing Web Application Security Problems: summary, description and annotation


How can an information security professional keep up with all of the hacks, attacks, and exploits on the Web? One way is to read Hacking Web Apps. The content for this book has been selected by author Mike Shema to make sure that we are covering the most vicious attacks out there. Not only does Mike let you in on the anatomy of these attacks, but he also tells you how to get rid of these worms, trojans, and botnets and how to defend against them in the future. Countermeasures are detailed so that you can fight against similar attacks as they evolve.

Attacks featured in this book include:

  • SQL Injection
  • Cross Site Scripting
  • Logic Attacks
  • Server Misconfigurations
  • Predictable Pages
  • Web of Distrust
  • Breaking Authentication Schemes
  • HTML5 Security Breaches
  • Attacks on Mobile Apps

Even if you don't develop web sites or write HTML, Hacking Web Apps can still help you learn how sites are attacked, as well as the best way to defend against these attacks. Plus, Hacking Web Apps gives you detailed steps to make the web browser, sometimes your last line of defense, more secure.

  • More and more data, from finances to photos, is moving into web applications. How much can you trust that data to be accessible from a web browser anywhere and safe at the same time?
  • Some of the most damaging hacks to a web site can be executed with nothing more than a web browser and a little knowledge of HTML.
  • Learn about the most common threats and how to stop them, including HTML Injection, XSS, Cross Site Request Forgery, SQL Injection, Breaking Authentication Schemes, Logic Attacks, Web of Distrust, Browser Hacks and many more.

Hacking Web Apps

Detecting and Preventing Web Application Security Problems

Mike Shema

Technical Editor

Jorge Blanco Alcover

Table of Contents
Copyright

Acquiring Editor: Chris Katsaropoulos

Development Editor: Meagan White

Project Manager: Jessica Vaughan

Designer: Kristen Davis

Syngress is an imprint of Elsevier

225 Wyman Street, Waltham, MA 02451, USA

© 2012 ELSEVIER, Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.

To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

Library of Congress Cataloging-in-Publication Data

Application submitted

British Library Cataloguing-in-Publication Data

A catalogue record for this book is available from the British Library.

ISBN: 978-1-59749-951-4

Printed in the United States of America

For information on all Syngress publications visit our website at www.syngress.com

About the Author

Michael Cross develops web application security solutions at Qualys, Inc. His current work is focused on an automated web assessment service. Mike previously worked as a security consultant and trainer for Foundstone, where he conducted information security assessments across a range of industries and technologies. His security background spans network penetration testing, wireless security, code review, and web security. He is the co-author of Hacking Exposed: Web Applications and The Anti-Hacker Toolkit, and the author of Hack Notes: Web Application Security. In addition to writing, Mike has presented at security conferences in the U.S., Europe, and Asia.

Acknowledgements

Several people deserve thanks for helping move this book from concept to completion. The Lorimer crew provided endless entertainment and unexpected lessons in motivation. The development team at Elsevier helped immensely. Thanks to Chris Katsaropoulos for urging this book along; and Alex Burack, Dave Bevans, Jessica Vaughn, Meagan White, and Andre Cuello for shepherding it to the finish line. Finally, it's important to thank the readers of the Seven Deadliest Web Attacks whose interest in web security and feedback helped make the writing process a rewarding experience.

Introduction

Mike Shema

487 Hill Street, San Francisco, CA 94114, USA

Tel.: +1 415 871 3880

Information in this chapter:

  • Book Overview and Key Learning Points
  • Book Audience
  • How this Book is Organized
  • Where to Go From Here

Pick your favorite cliche or metaphor you've heard regarding The Web. The aphorism might generically describe Web security or evoke a mental image of the threats faced by and emanating from Web sites. This book attempts to illuminate the vagaries of Web security by tackling eight groups of security weaknesses and vulnerabilities most commonly exploited by hackers. Some of the attacks will sound very familiar. Other attacks may be unexpected, or seem unfamiliar simply because they neither adorn a top 10 list nor make headlines. Attackers might go for the lowest common denominator, which is why vulnerabilities like cross-site scripting and SQL injection garner so much attention: they have an unfortunate combination of pervasiveness and ease of exploitation. Determined attackers might target ambiguities in the design of a site's workflows or assumptions, exploits that result in significant financial gain that may be specific to one site only, but leave few of the tell-tale signs of compromise that more brutish attacks like SQL injection do.

On the Web, information equals money. Credit cards clearly have value to hackers; underground "carder" sites have popped up that deal in stolen cards, complete with forums, user feedback, and seller ratings. Yet our personal information, passwords, email accounts, on-line game accounts, and so forth all have value to the right buyer, let alone the value we personally place in keeping such things private. Consider the murky realms of economic espionage and state-sponsored network attacks that have popular attention and grand claims, but a scarcity of reliable public information. (Not that it matters to Web security that cyberwar exists or not; on that topic we care more about WarGames and Wintermute for this book.) It's possible to map just about any scam, cheat, trick, ruse, and other synonyms from real-world conflict between people, companies, and countries to an analogous attack executed on the Web. There's no lack of motivation for trying to gain illicit access to the wealth of information on the Web, whether for glory, country, money, or sheer curiosity.

Book Overview and Key Learning Points

Each of the chapters in this book presents examples of different hacks against Web applications. The methodology behind the attack is explored, as is its potential impact. An impact may be against a site's security or a user's privacy. A hack may not even care about compromising a Web server, instead turning its focus on the browser. Web security impacts applications and browsers alike. After all, that's where the information is.

Then the chapter moves on to explain possible countermeasures for different aspects of the attack. Countermeasures are a tricky beast. It's important to understand how an attack works before designing a good defense. It's equally important to understand the limitations of a countermeasure and how other vulnerabilities might entirely bypass it. Security is an emergent property of the Web site; it's not a summation of individual protections. Some countermeasures will show up several times; others make only a brief appearance.
