About

Joel Scambray
Mike Shema
Caleb Sima

The McGraw-Hill Companies
160 Spear Street, Suite 700
San Francisco, California 94105
U.S.A.

To arrange bulk purchase discounts for sales promotions, premiums, or fund-raisers, please contact McGraw-Hill at the above address.

Hacking Exposed Web Applications, Second Edition

Copyright 2006 by Joel Scambray and Mike Shema. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

1234567890 DOC DOC 019876

ISBN 0-07-226299-0

Executive Editor
Jane K. Brownlow

Project Editor
Mark Karmendy

Acquisitions Coordinator
Jennifer Housh

Technical Editor
Edward Tracy

Copy Editor
Mark Karmendy

Proofreader
Susie Elkind

Indexer
Claire Splan

Composition
Peter Hancik

Illustrator
Lyssa Wald

Series Design
Dick Schwartz
Peter F. Hancik

Cover Design
Dodie Shoemaker

This book was published with Corel Ventura Publisher on Windows XP.

Information has been obtained by McGraw-Hill from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill, or others, McGraw-Hill does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.

Dedicated to those who protect our ongoing pursuit of life, liberty, and happiness.
Thank you.
Joel

To Tera, for sticking by me and providing inspiration.
Mike

To my Mom and Dad (thanks for putting up with me), my brothers Jonathon, RJ, and Andrew, and my sister Emily. Finally, to all the people of SPI who changed my life and helped build a great company.
Caleb

About The Authors

Joel Scambray, CISSP, has over 15 years of information security experience, including senior management roles at Microsoft and Ernst & Young, co-founder of Foundstone, technical consultant for Fortune 500 enterprises, and co-author of the best-selling Hacking Exposed book series.

Mike Shema is the CSO of NT Objectives and has made web application security presentations at numerous security conferences. He has conducted security reviews for a wide variety of web technologies and developed training material for application security courses. He is also a co-author of Anti-Hacker Toolkit.

Caleb Sima is the co-founder and CTO of SPI Dynamics, a web application security products company, and has over 12 years of security experience. His pioneering efforts and expertise in web security have helped define the direction the web application security industry has taken. Caleb is a frequent speaker and expert resource for the press on Internet attacks and has been featured in the Associated Press. He is also a contributing author to various magazines and online columns. Caleb is a member of ISSA and is one of the founding visionaries of the Application Vulnerability Description Language (AVDL) standard within OASIS, as well as a founding member of the Web Application Security Consortium (WASC).

About The Contributing Authors

Nishchal Bhalla, founder of Security Compass, is a specialist in product, code, web application, host, and network reviews. Nish has co-authored Buffer Overflow Attacks: Detect, Exploit & Prevent and is a contributing author for Windows XP Professional Security, HackNotes: Network Security, and Writing Security Tools and Exploits. Nish has also been involved in open source projects such as YASSP and OWASP, and is the chair of the Toronto Chapter. He has also written articles for SecurityFocus and is a frequent speaker on emerging security issues.

Samuel Bucholtz is a founding member of Casaba Security, a computer security consulting firm based in Seattle, Washington. Samuel specializes in application testing, design reviews, and system/network architecture implementation. Prior to Casaba Security, Samuel worked as a security consultant for Foundstone, performing security reviews and penetration tests for Global 1000 clients, managing tests of more than one hundred web applications, and training students in network and web application security. Before Foundstone, Samuel was a security engineer responsible for building and operating multimillion-user web sites for a large Internet consulting firm. Samuel has taught at Black Hat, CSI (Computer Security Institute), and has instructed private classes for clients. He has a bachelor's degree in Computer Science and Economics from New York University and has participated in a network security internship with the Department of Defense.

David Wong is currently a manager in Ernst & Young Attack and Penetration practice. David has over seven years of security experience and has performed hundreds of attack and penetration tests for companies in the financial services, energy, telecom, and software industries. David has previously held the position of Director of Application Security at a financial services firm and started his career working on security research at Lucent Technologies. David is a Certified Information Systems Security Professional (CISSP) and graduated with a BS in Engineering from Cooper Union.

Arian Evans has spent the last eight years pondering how he fell into information security. His focus has been on application security and IDS. Arian is currently researching and developing new methodologies for evaluating the security posture of applications and databases, in addition to helping clients design, deploy, and defend their applications. Arian works for FishNet Security with clients worldwide on appsec issues, and has also worked with the Center for Internet Security, FBI, and numerous commercial organizations on web application security and related hacking incident-response.

About The Technical Editor

Edward Tracy is a CISSP whose career has focused on the problem of application security, primarily within web applications. Mr. Tracy began his career with the National Security Agency, where he was exposed to advanced computer security research. He went on to co-found Aspect Security, Inc., a consulting firm that focuses on application security. While at Aspect Security, Mr. Tracy led the penetration-testing service, performed code and design reviews, consulted on security in the SDLC, and taught application security classes around the United States, including guest lecturing at Johns Hopkins University.

Mr. Tracy has been the DC Chapter lead for the Open Web Application Security Project (OWASP) and has contributed to OWASP's honeypot web application, WebGoat. He has also performed research and engineering on application scanning technologies and static code analysis. Mr. Tracy currently works with Booz Allen Hamilton, continuing to provide application security services through the firm's information assurance practice.


