Chefs don't have time to write. While I was working on Smoke and Pickles, I was running a restaurant — a daily regimen of testing recipes,...
Continue »
Implement bulletproof e-business security the proven Hacking Exposed way
Defend against the latest Web-based attacks by looking at your Web applications through the eyes of a malicious intruder. Fully revised and updated to cover the latest Web exploitation techniques, Hacking Exposed Web Applications, Second Edition shows you, step-by-step, how cyber-criminals target vulnerable sites, gain access, steal critical data, and execute devastating attacks. All of the cutting-edge threats and vulnerabilities are covered in full detail alongside real-world examples, case studies, and battle-tested countermeasures from the authors' experiences as gray hat security professionals.
Find out how hackers use infrastructure and application profiling to perform reconnaissance and enter vulnerable systems
Get details on exploits, evasion techniques, and countermeasures for the most popular Web platforms, including IIS, Apache, PHP, and ASP.NET
Learn the strengths and weaknesses of common Web authentication mechanisms, including password-based, multifactor, and single sign-on mechanisms like Passport
See how to excise the heart of any Web application's access controls through advanced session analysis, hijacking, and fixation techniques
Find and fix input validation flaws, including cross-site scripting (XSS), SQL injection, HTTP response splitting, encoding, and special character abuse
Get an in-depth presentation of the newest SQL injection techniques, including blind attacks, advanced exploitation through subqueries, Oracle exploits, and improved countermeasures
Learn about the latest XML Web Services hacks, Web management attacks, and DDoS attacks, including click fraud
Tour Firefox and IE exploits, as well as the newest socially-driven client attacks like phishing and adware
Book News Annotation:
Step-by-step instructions are given for defending against Web-based attacks in this book exposing the hacker's methods and thought processes. The book explains how intruders gather information, acquire targets, gain control, and cover their tracks, and describes real- world hacking incidents and countermeasures. Sixty pages of reference appendices provide checklists and instructions for using security software. Scambray is co-author of a previous book on hacking. Shema is a consultant, author, and technical editor to . Annotation c. Book News, Inc., Portland, OR (booknews.com)
Synopsis:
From the coauthor of the international bestseller Hacking Exposed, proven techniques for securing Web applications against cyber attacks
In this fully revised bestseller, IT security professionals will find the latest insights into the core security issues that plague online business platforms of all sizes. Hacking Exposed Web Applications, Second Edition, applies the bestselling Hacking Exposed computer security methodologies, technical rigor, and “from-the-trenches” experience to making the Web a safer, more secure place in which to do business.
Synopsis:
"This book goes a long way in making the Web a safer place to do business." — Mark Curphey, Chair of the Open Web Application Security Project
Unleash the hackers' arsenal to secure your Web applications
In today's world of pervasive Internet connectivity and rapidly evolving Web technology, online security is as critical as it is challenging. With the enhanced availability of information and services online and Web-based attacks and break-ins on the rise, security risks are at an all time high. Hacking Exposed Web Applications shows you, step-by-step, how to defend against the latest Web-based attacks by understanding the hacker's devious methods and thought processes. Discover how intruders gather information, acquire targets, identify weak spots, gain control, and cover their tracks. You'll get in-depth coverage of real-world hacks--both simple and sophisticated--and detailed countermeasures to protect against them.
What you'll learn:
The proven Hacking Exposed methodology to locate, exploit, and patch vulnerable platforms and applications
How attackers identify potential weaknesses in Web application components
What devastating vulnerabilities exist within Web server platforms such as Apache, Microsoft's Internet Information Server (IIS), Netscape Enterprise Server, J2EE, ASP.NET, and more
How to survey Web applications for potential vulnerabilities --including checking directory structures, helper files, Java classes and applets, HTML comments, forms, and query strings
Attack methods against authentication and session management features such as cookies, hidden tags, and session identifiers
Most common input validation attacks--crafted input, command execution characters, and buffer overflows
Countermeasures for SQL injection attacks such as robust error handling, custom stored procedures, and proper database configuration
XML Web services vulnerabilities and best practices
Tools and techniques used to hack Web clients--including cross-site scripting, active content attacks and cookie manipulation
Valuable checklists and tips on hardening Web applications and clients based on the authors' consulting experiences
Joel Scambray (Lafayette, CA) is a Manager in the Information Systems Audit and Advisory Services practice of Ernst & Young. Joel has over five years experience working with a variety of computer and communications technologies from both an operational and strategic standpoint--ranging from Director of IS for a major commercial real estate firm to Technology Analyst for Info World Magazine.
Product details
520 pages
McGraw-Hill Osborne Media McGraw-Hill Osborne Media -
English9780072224382
Reviews:
"Synopsis"
by McGraw,
From the coauthor of the international bestseller Hacking Exposed, proven techniques for securing Web applications against cyber attacks
In this fully revised bestseller, IT security professionals will find the latest insights into the core security issues that plague online business platforms of all sizes. Hacking Exposed Web Applications, Second Edition, applies the bestselling Hacking Exposed computer security methodologies, technical rigor, and “from-the-trenches” experience to making the Web a safer, more secure place in which to do business.
"Synopsis"
by McGraw Hill,
"This book goes a long way in making the Web a safer place to do business." — Mark Curphey, Chair of the Open Web Application Security Project
Unleash the hackers' arsenal to secure your Web applications
In today's world of pervasive Internet connectivity and rapidly evolving Web technology, online security is as critical as it is challenging. With the enhanced availability of information and services online and Web-based attacks and break-ins on the rise, security risks are at an all time high. Hacking Exposed Web Applications shows you, step-by-step, how to defend against the latest Web-based attacks by understanding the hacker's devious methods and thought processes. Discover how intruders gather information, acquire targets, identify weak spots, gain control, and cover their tracks. You'll get in-depth coverage of real-world hacks--both simple and sophisticated--and detailed countermeasures to protect against them.
What you'll learn:
The proven Hacking Exposed methodology to locate, exploit, and patch vulnerable platforms and applications
How attackers identify potential weaknesses in Web application components
What devastating vulnerabilities exist within Web server platforms such as Apache, Microsoft's Internet Information Server (IIS), Netscape Enterprise Server, J2EE, ASP.NET, and more
How to survey Web applications for potential vulnerabilities --including checking directory structures, helper files, Java classes and applets, HTML comments, forms, and query strings
Attack methods against authentication and session management features such as cookies, hidden tags, and session identifiers
Most common input validation attacks--crafted input, command execution characters, and buffer overflows
Countermeasures for SQL injection attacks such as robust error handling, custom stored procedures, and proper database configuration
XML Web services vulnerabilities and best practices
Tools and techniques used to hack Web clients--including cross-site scripting, active content attacks and cookie manipulation
Valuable checklists and tips on hardening Web applications and clients based on the authors' consulting experiences
Powell's City of Books is an independent bookstore in Portland, Oregon, that fills a whole city block with more than a million new, used, and out of print books. Shop those shelves — plus literally millions more books, DVDs, and eBooks — here at Powells.com.
