Flylib.com
Web Hacking: Attacks and Defense
Web Hacking: Attacks and Defense
ISBN: 0201761769
EAN: 2147483647
Year: 2005
Pages: 156
Authors:
Stuart McClure
,
Saumil Shah
,
Shreeraj Shah
BUY ON AMAZON
Copyright
Foreword
Introduction
We re Secure, We Have a Firewall
Book Organization
A Final Word
Acknowledgments
Contributor
Part 1: The E-Commerce Playground
Chapter 1. Web Languages: The Babylon of the 21st Century
Introduction
Languages of the Web
Java
Summary
Chapter 2. Web and Database Servers
Introduction
Web Servers
Database Servers
Summary
Chapter 3. Shopping Carts and Payment Gateways
Introduction
Evolution of the Storefront
Electronic Shopping
Shopping Cart Systems
Implementation of a Shopping Cart Application
Examples of Poorly Implemented Shopping Carts
Processing Payments
Overview of the Payment Processing System
Interfacing with a Payment GatewayAn Example
Payment System Implementation Issues
PayPalEnabling Individuals to Accept Electronic Payments
Summary
Chapter 4. HTTP and HTTPS: The Hacking Protocols
Introduction
Protocols of the Web
Summary
Chapter 5. URL: The Web Hacker s Sword
Introduction
URL Structure
URLs and Parameter Passing
URL Encoding
Abusing URL Encoding
HTML Forms
Summary
Part 2: URLs Unraveled
Chapter 6. Web: Under (the) Cover
Introduction
The Components of a Web Application
Wiring the Components
Connecting with the Database
Specialized Web Application Servers
Identifying Web Application Components from URLs
The Basics of Technology Identification
Advanced Techniques for Technology Identification
Identifying Database Servers
Countermeasures
Summary
Chapter 7. Reading Between the Lines
Introduction
Information Leakage Through HTML
What the Browsers Don t Show You
Clues to Look For
HTML Comments
Internal and External Hyperlinks
E-Mail Addresses and Usernames
Keywords and Meta Tags
Hidden Fields
Client-Side Scripts
Automated Source Sifting Techniques
Sam Spade, Black Widow, and Teleport Pro
Summary
Chapter 8. Site Linkage Analysis
Introduction
HTML and Site Linkage Analysis
Site Linkage Analysis Methodology
Step 1: Crawling the Web Site
Step 2: Creating Logical Groups Within the Application Structure
Step 3: Analyzing Each Web Resource
Step 4: Inventorying Web Resources
Summary
Part 3: How Do They Do It?
Chapter 9. Cyber Graffiti
Introduction
Defacing Acme Travel, Inc. s Web Site
What Went Wrong?
HTTP Brute-Forcing Tools
Countermeasures Against the Acme Travel, Inc. Hack
Summary
Chapter 10. E-Shoplifting
Introduction
Building an Electronic Store
Evolution of Electronic Storefronts
Robbing Acme Fashions, Inc.
Overhauling www.acme-fashions.com
Postmortem and Further Countermeasures
Summary
Chapter 11. Database Access
Introduction
A Used Car Dealership Is Hacked
Countermeasures
Summary
Chapter 12. Java: Remote Command Execution
Introduction
Java-Driven Technology
Attacking a Java Web Server
Identifying Loopholes in Java Application Servers
Countermeasures
Summary
Chapter 13. Impersonation
Introduction
Session Hijacking: A Stolen Identity and a Broken Date
Session Hijacking
Postmortem of the Session Hijacking Attack
Application State Diagrams
HTTP and Session Tracking
Stateless Versus Stateful Applications
Cookies and Hidden Fields
Implementing Session and State Tracking
Summary
Chapter 14. Buffer Overflows: On-the-Fly
Introduction
Buffer Overflows
Postmortem Countermeasures
Summary
Part 4: Advanced Web Kung Fu
Chapter 15. Web Hacking: Automated Tools
Introduction
Netcat
Whisker
Brutus
Achilles
Cookie Pal
Teleport Pro
Security Recommendations
Summary
Chapter 16. Worms
Introduction
Code Red Worm
Summary
Chapter 17. Beating the IDS
Introduction
IDS Basics
IDS Accuracy
Getting Past an IDS
Secure HackingHacking Over SSL
Polymorphic URLs
Generating False Positives
Potential Countermeasures
Summary
Appendix A. Web and Database Port Listing
Appendix B. HTTP1.1 and HTTP1.0 Method and Field Definitions
Appendix C. Remote Command Execution Cheat Sheet
Appendix D. Source Code, File, and Directory Disclosure Cheat Sheet
Appendix E. Resources and Links
Appendix F. Web-Related Tools
Web Hacking: Attacks and Defense
ISBN: 0201761769
EAN: 2147483647
Year: 2005
Pages: 156
Authors:
Stuart McClure
,
Saumil Shah
,
Shreeraj Shah
BUY ON AMAZON
Agile Project Management: Creating Innovative Products (2nd Edition)
Reliable Innovation
Phase: Envision
Practice: Product, Project, and Team Review and Adaptive Action
Phase: Close
The Commitment-Accountability Protocol
OpenSSH: A Survival Guide for Secure Shell Handling (Version 1.0)
Step 1.1 Install OpenSSH to Replace the Remote Access Protocols with Encrypted Versions
Step 5.2 Troubleshooting Common OpenSSH Errors/Problems
Step 6.1 Port Forwarding
Step 6.3 X11 Forwarding
Conclusion
File System Forensic Analysis
Bibliography
Summary
Long File Name Directory Entries
Summary
Directory Entries
Quantitative Methods in Project Management
Project Value: The Source of all Quantitative Measures
Organizing and Estimating the Work
Making Quantitative Decisions
Expense Accounting and Earned Value
Quantitative Time Management
Python Programming for the Absolute Beginner, 3rd Edition
And Now for Something Completely Different
The Compulsory Features List
Browsing PyErrata Reports
Rolling Your Own Servers in Python
Section B.2. Book Examples Distribution
User Interfaces in C#: Windows Forms and Custom Controls
Classic Controls
Forms
Modern Controls
Design-Time Support for Custom Controls
Help and Application-Embedded Support
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy
This website uses cookies. Click
here
to find out more.
Accept cookies