Hacking Exposed - Web Applications
http://www.team509.com/download/docs/security/WEB/McGraw.Hill.Hacking.Exposed.Web.Applications.iNT.eBook-DDU.pdf
Book Description: Defend against the latest Web-based attacks by looking at your Web applications through the eyes of a malicious intruder. Fully revised and updated to cover the latest Web exploitation techniques, Hacking Exposed Web Applications, Second Edition shows you, step-by-step, how cyber-criminals target vulnerable sites, gain access, steal critical data, and execute devastating attacks. All of the cutting-edge threats and vulnerabilities are covered in full detail alongside real-world examples, case studies, and battle-tested countermeasures from the authors' experiences as gray hat security professionals.
- Find out how hackers use infrastructure and application profiling to perform reconnaissance and enter vulnerable systems
- Get details on exploits, evasion techniques, and countermeasures for the most popular Web platforms, including IIS, Apache, PHP, and ASP.NET
- Learn the strengths and weaknesses of common Web authentication mechanisms, including password-based, multifactor, and single sign-on mechanisms like Passport
- See how to excise the heart of any Web application's access controls through advanced session analysis, hijacking, and fixation techniques
- Find and fix input validation flaws, including cross-site scripting (XSS), SQL injection, HTTP response splitting, encoding, and special character abuse
- Get an in-depth presentation of the newest SQL injection techniques, including blind attacks, advanced exploitation through subqueries, Oracle exploits, and improved countermeasures
- Learn about the latest XML Web Services hacks, Web management attacks, and DDoS attacks, including click fraud
- Tour Firefox and IE exploits, as well as the newest socially-driven client attacks like phishing and adware
TABLE OF CONTENT:
chapter 01 - Introduction to Web application And Security
chapter 02 - Profiling
chapter 03 - Hacking Web Servers
chapter 04 - Surveying The Application
chapter 05 - Authentication
chapter 06 - Authorization
chapter 07 - Attacking Session State Management
chapter 08 - Input Validation Attacks
chapter 09 - Attacking Web Datastores
chapter 10 - Attacking Web Services
chapter 11 - Hacking Web Application Management
chapter 12 - Web Clients Hacking
chapter 13 - Case Studies
Appendix A - Web Site Security Checklist
Appendix B - Web Hacking Tools And Techniques Cribsheet
Appendix C - Using Libwhisker
Appendix D - UrlScan Installation And Configuration
Appendix E - About the Companion Web Sites
Book Info: Published in 2002 Published by McGraw-Hill ISBN 007222438X Size 7.60MB
