
Hacking Exposed Web Applications


Synopses & Reviews

Publisher Comments:

Implement bulletproof e-business security the proven Hacking Exposed way

Defend against the latest Web-based attacks by looking at your Web applications through the eyes of a malicious intruder. Fully revised and updated to cover the latest Web exploitation techniques, Hacking Exposed Web Applications, Second Edition shows you, step-by-step, how cyber-criminals target vulnerable sites, gain access, steal critical data, and execute devastating attacks. All of the cutting-edge threats and vulnerabilities are covered in full detail alongside real-world examples, case studies, and battle-tested countermeasures from the authors' experiences as gray hat security professionals.

  • Find out how hackers use infrastructure and application profiling to perform reconnaissance and enter vulnerable systems
  • Get details on exploits, evasion techniques, and countermeasures for the most popular Web platforms, including IIS, Apache, PHP, and ASP.NET
  • Learn the strengths and weaknesses of common Web authentication mechanisms, including password-based, multifactor, and single sign-on mechanisms like Passport
  • See how to excise the heart of any Web application's access controls through advanced session analysis, hijacking, and fixation techniques
  • Find and fix input validation flaws, including cross-site scripting (XSS), SQL injection, HTTP response splitting, encoding, and special character abuse
  • Get an in-depth presentation of the newest SQL injection techniques, including blind attacks, advanced exploitation through subqueries, Oracle exploits, and improved countermeasures
  • Learn about the latest XML Web Services hacks, Web management attacks, and DDoS attacks, including click fraud
  • Tour Firefox and IE exploits, as well as the newest socially-driven client attacks like phishing and adware

 

 

Book News Annotation:

Step-by-step instructions are given for defending against Web-based attacks in this book exposing the hacker's methods and thought processes. The book explains how intruders gather information, acquire targets, gain control, and cover their tracks, and describes real-world hacking incidents and countermeasures. Sixty pages of reference appendices provide checklists and instructions for using security software. Scambray is co-author of a previous book on hacking. Shema is a consultant, author, and technical editor to .
Annotation © Book News, Inc., Portland, OR (booknews.com)

Synopsis:

From the coauthor of the international bestseller Hacking Exposed, proven techniques for securing Web applications against cyber attacks

In this fully revised bestseller, IT security professionals will find the latest insights into the core security issues that plague online business platforms of all sizes. Hacking Exposed Web Applications, Second Edition, applies the bestselling Hacking Exposed computer security methodologies, technical rigor, and “from-the-trenches” experience to making the Web a safer, more secure place in which to do business.

Synopsis:

"This book goes a long way in making the Web a safer place to do business." — Mark Curphey, Chair of the Open Web Application Security Project

Unleash the hackers' arsenal to secure your Web applications

In today's world of pervasive Internet connectivity and rapidly evolving Web technology, online security is as critical as it is challenging. With the enhanced availability of information and services online and Web-based attacks and break-ins on the rise, security risks are at an all-time high. Hacking Exposed Web Applications shows you, step-by-step, how to defend against the latest Web-based attacks by understanding the hacker's devious methods and thought processes. Discover how intruders gather information, acquire targets, identify weak spots, gain control, and cover their tracks. You'll get in-depth coverage of real-world hacks--both simple and sophisticated--and detailed countermeasures to protect against them.

What you'll learn:

  • The proven Hacking Exposed methodology to locate, exploit, and patch vulnerable platforms and applications
  • How attackers identify potential weaknesses in Web application components
  • What devastating vulnerabilities exist within Web server platforms such as Apache, Microsoft's Internet Information Server (IIS), Netscape Enterprise Server, J2EE, ASP.NET, and more
  • How to survey Web applications for potential vulnerabilities--including checking directory structures, helper files, Java classes and applets, HTML comments, forms, and query strings
  • Attack methods against authentication and session management features such as cookies, hidden tags, and session identifiers
  • Most common input validation attacks--crafted input, command execution characters, and buffer overflows
  • Countermeasures for SQL injection attacks such as robust error handling, custom stored procedures, and proper database configuration
  • XML Web services vulnerabilities and best practices
  • Tools and techniques used to hack Web clients--including cross-site scripting, active content attacks and cookie manipulation
  • Valuable checklists and tips on hardening Web applications and clients based on the authors' consulting experiences

About the Author

Joel Scambray (Lafayette, CA) is a Manager in the Information Systems Audit and Advisory Services practice of Ernst & Young. Joel has over five years' experience working with a variety of computer and communications technologies from both an operational and strategic standpoint--ranging from Director of IS for a major commercial real estate firm to Technology Analyst for Info World Magazine.

Table of Contents

Chapter 1: Hacking Web Apps 101

Chapter 2: Profiling

Chapter 3: Hacking Web Platforms

Chapter 4: Attacking Web Authentication

Chapter 5: Attacking Web Authorization

Chapter 6: Input Validation Attacks

Chapter 7: Attacking Web Datastores

Chapter 8: Attacking XML Web Services

Chapter 9: Attacking Web Application Management

Chapter 10: Hacking Web Clients

Chapter 11: Denial-of-Service (DoS) Attacks

Chapter 12: Full-Knowledge Analysis

Chapter 13: Web Application Security Scanners

APPENDIX A: WEB APPLICATION SECURITY CHECKLIST

APPENDIX B: WEB HACKING TOOLS AND TECHNIQUES CRIBSHEET

APPENDIX C: URLScan AND ModSecurity

APPENDIX D: ABOUT THE COMPANION WEB SITE

INDEX

Product Details

ISBN: 9780072224382
Foreword: Scambray, Joel
Author: Curphey, Mark
Author: Sima, Caleb
Author: Scambray, Joel
Author: Shema, Mike
Author: Wong, David
Publisher: McGraw-Hill Osborne Media
Location: New York
Subject: Networking - General
Subject: Computer networks
Subject: Internet - Web Site Design
Subject: Web sites
Subject: Computer security
Subject: Internet - Security
Subject: Security
Copyright:
Edition Number: 2
Edition Description: Includes bibliographical references and index.
Series: Hacking Exposed
Series Volume: 01-5548
Publication Date: 20060605
Binding: Paperback
Grade Level: Professional and scholarly
Language: English
Illustrations: Yes
Pages: 520
Dimensions: 9.125 x 7.380 in
