Book Organization


We wrote this book for maximum absorption and comprehension, that is, moving from introductory to intermediate to advanced techniques and concepts. To accomplish this goal, we organized this book into four parts, containing seventeen chapters, and appendices.

Parts

         Part One, The E-Commerce Playground

         Part Two, URLs Unraveled

         Part Three, How Do They Do It?

         Part Four, Advanced Web Kung Fu

Each Part gets progressively more advanced in content and delivery, going from a brief Web languages introduction (Chapter 1) to finding and exploiting your own buffer overflows (Chapter 14). But don't let the increasing pace derail your learning. If you missed something, you can go back to it or, in some cases, you may be able to pick it up as you go along.

Parts One and Two give you a preliminary and then an intermediate introduction to the World Wide Web. In E-Commerce Playground we show you how the Web works: its languages, applications, databases, protocols, and syntax. In URLs Unraveled, we delve into the meaning of the URL, what is important to an attacker, and how visible code can be helpful to an attacker; we also show you how mapping Web sites can be crucial to an attacker's repertoire.

In Part Three we demystify the art of Web hacking, how it is pulled off, and how simple steps at development time can eliminate a large portion of the threat. This part is by far the meatiest of the parts in terms of the information presented and often provides the best clues about how hackers do what they do. Each chapter provides both a detailed analysis of the hack and a countermeasure section at the end to help prevent the hack.

In Part Four we discuss some advanced Web hacking concepts, methodologies, and tools that you simply can't afford to miss.

Finally, at the end of the book, you will find Appendices that include a list of common Web ports on the Internet, cheat sheets for remote command execution, and source code disclosure techniques, among other useful information.

Chapters

Part One, The E-Commerce Playground, contains five chapters.

         Chapter 1, Web Languages: The Babylon of the 21st Century, discusses all the major Web languages used on the Internet today.

         Chapter 2, Web and Database Servers, discusses the technologies behind the Web and how they introduce vulnerabilities.

         Chapter 3, Shopping Carts and Payment Gateways, discusses the technologies behind online shopping carts and E-commerce sites on the Web.

         Chapter 4, HTTP and HTTPS: The Hacking Protocols, discusses the two main protocols used to direct Web and E-commerce traffic on the Internet.

         Chapter 5, URL: The Web Hacker's Sword, discusses understanding everything about a Web site just from reading the URL.

Part Two, URLs Unraveled, contains three chapters.

         Chapter 6, Web: Under(the)Cover, discusses the details of a complete Web application, including all its components and dependencies.

         Chapter 7, Reading Between the Lines, discusses the fine art of disclosing source in a Web browser or alternative interface.

         Chapter 8, Site Linkage Analysis, discusses how attackers inventory a Web site to understand the application as a whole and how to attack it.

Part Three, How Do They Do It?, contains six chapters.

         Chapter 9, Cyber Graffiti, discusses how attackers deface Web sites, their techniques, and their tricks.

         Chapter 10, E-Shoplifting, discusses how attackers commit online shoplifting by tricking an application into giving them merchandise at a lower price.

         Chapter 11, Database Access, discusses how attackers break into Web applications through the database.

         Chapter 12, Java: Remote Command Execution, discusses how attackers use Java as a mechanism for breaking into a system.

         Chapter 13, Impersonation, discusses how an attacker can take on another user's identity.

         Chapter 14, Buffer Overflows: On-the-Fly, discusses how an attacker can identify and create overflows in an application.

Part Four, Advanced Web Kung Fu, contains the final three chapters.

         Chapter 15, Web Hacking: Automated Tools, discusses the tools and techniques that hackers use to perform many of their tricks in an automated fashion.

         Chapter 16, Worms, discusses the deadly worm and how it is created, propagated, and removed.

         Chapter 17, Beating the IDS, discusses how IDS can help and hurt a hunt for an attacker.

 



Web Hacking: Attacks and Defense
ISBN: 0201761769
Year: 2005
Pages: 156
