How This Book Is Organized

This book is the sum of chapters, each of which describes one aspect of the Hacking Exposed web application attack methodology. This structure forms the backbone of this book, for without a methodology, this would be nothing but a heap of information without context or meaning. It is the map by which we will chart our progress throughout the book.

Chapter 1: "Hacking Web Apps 101"

In this chapter, we take a broad overview of web application hacking tools and techniques while showing concrete examples. Buckle your seatbelt, Dorothy, because Kansas is going bye-bye.

Chapter 2: "Profiling"

The first step in any methodology is often one of the most critical, and profiling is no exception. This chapter illustrates the process of reconnaissance in prelude to attacking a web application and its associated infrastructure.

Chapter 3: "Hacking Web Platforms"

No application can be secured if it's built on a web platform that's full of security holes. This chapter describes attacks, detection evasion techniques, and countermeasures for the most popular web platforms, including IIS, Apache, PHP, and ASP.NET.

Chapter 4: "Attacking Web Authentication"

This chapter covers attacks and countermeasures for common web authentication mechanisms, including password-based, multifactor (e.g., SecureID, Passmark, and CAPTCHA), and online authentication services like Passport.

Chapter 5: "Attacking Web Authorization"

See how to excise the heart of any web application's access controls through advanced session analysis, hijacking, and fixation techniques.

Chapter 6: "Input Validation Attacks"

From Cross-Site Scripting to HTTP Response Splitting, the essence of most web attacks is unexpected application input. In this chapter, we review the classic categories of malicious input, from overlong input (like buffer overflows) to canonicalization attacks (like the infamous dot-dot-slash), and reveal the metacharacters that should always be regarded with suspicion (including angle brackets, quotes, single quote, double dashes, percent, asterisk, underscore, newline, ampersand, pipe, and semicolon), plus stealth-encoding techniques and input validation/output encoding countermeasures.

Chapter 7: "Attacking Web Datastores"

SQL Injection is arguably the most devastating web application attack paradigm around, since it strikes at the heart of any web app, the valuable data it stores. This chapter describes basic SQL syntax and how it is commonly abused, and then explores advanced variations on the basic techniques, including Blind SQL injection and platform-specific variations including MySQL and Oracle.

Chapter 8: "Attacking XML Web Services"

Don't drop the SOAP, because this chapter will reveal how Web Services vulnerabilities are discovered and exploited through techniques including WSDL disclosure, input injection, external entity injection, and XPath injection.

Chapter 9: "Attacking Web Application Management"

If the front door is locked, try the back! This chapter reveals the most common web application management attacks against remote server management, web content management/authoring, admin misconfigurations, and developer-driven mistakes.

Chapter 10: "Hacking Web Clients"

Did you know that your web browser is actually an effective portal through which unsavory types can enter directly into your homes and offices? Take a tour of the nastiest Firefox and IE exploits around, and then follow our "10 Steps to a Safer Internet Experience" (along with dozens of additional countermeasures listed in this chapter) so you can breathe a little easier when you browse.

Chapter 11: "Denial-of-Service (DoS) Attacks"

The rise of the botnets has elevated DoS from online hooliganism to an effective Internet extortion tool. Furthermore, online business models that seek to capitalize on the distributed scale of the Web have unique exposure to distributed attacks like click fraud. See how DoS has graduated from the old school (infrastructure DoS) to the new (application-layer DDoS).

Chapter 12: "Full-Knowledge Analysis"

We take a brief departure from zero-knowledge/black-box analysis in this chapter to explain the advantages of a robust full-knowledge/white-box web application security assessment methodology, including threat modeling, code review, security testing, and how to integrate security into the overall web application development life cycle.

Chapter 13: "Web Application Security Scanners"

This chapter is aimed at IT operations staff and managers for medium-to-large enterprises who need to automate our web application assessment methodology so that it is scalable, consistent, and delivers acceptable return on investment. The majority of this chapter is devoted to a review of the available web app security scanning tools commissioned specifically for this edition.

Last but not least, we cap the book off with a series of useful appendices that include a comprehensive Web Application Security Checklist, our Web Hacking Tools and Techniques Cribsheet, some hands-on deployment advice for the "web server firewalls" URLScan and ModSecurity, and a short description of the resources available on the book's companion web site, http://www.webhackingexposed.com.

Modularity, Organization, and Accessibility

Clearly, this book could be read from start to finish for a soup-to-nuts portrayal of web application penetration testing. However, like Hacking Exposed, we have attempted to make each chapter stand on its own so the book can be digested in modular chunks, suitable to the frantic schedules of our target audience.

Moreover, we have strictly adhered to the clear, readable, and concise writing style that readers overwhelmingly responded to in Hacking Exposed. We know you're busy and you need the straight dirt without a lot of doubletalk and needless jargon. As a reader of Hacking Exposed once commented, "Reads like fiction, scares like hell!"

We think you will be just as satisfied reading from beginning to end as you would piece by piece, but it's built to withstand either treatment.

Chapter Summaries and References and Further Reading

Two features appear at the end of most chapters in this book: a summary and "References and Further Reading" section.

The summary is exactly what it sounds like, a brief synopsis of the major concepts covered in the chapter, with an emphasis on countermeasures. We would expect that if you read each chapter's summary, you would know how to harden a web application to just about any form of attack.

The "References and Further Reading" section in each chapter includes hyperlinks, ISBN numbers, and any other bits of information necessary to locate each and every item referenced in the chapter, including vendor security bulletins and patches, third-party advisories, commercial and freeware tools, web hacking incidents in the news, and general background reading that amplifies or expands on the information presented in the chapter. You will thus find few hyperlinks within the body text of the chapters themselves; if you need to find something, turn to the end of the chapter, and it will be there. We hope this consolidation of external references into one container improves your overall enjoyment of the book.

The Basic Building Blocks: Attacks and Countermeasures

As with Hacking Exposed, the basic building blocks of this book are the attacks and countermeasures discussed in each chapter.

The attacks are highlighted here as they are throughout the Hacking Exposed series:

Attack This Is an Attack Icon

Highlighting attacks like this makes it easy to identify specific penetration-testing tools and methodologies, and points you right to the information you need to convince management to fund your new security initiative.

Each attack is also accompanied by a Risk Rating, scored exactly as in Hacking Exposed, as shown next.

Popularity:

The frequency of use in the wild against live targets, 1 being most rare, 10 being widely used.

Simplicity:

The degree of skill necessary to execute the attack, 10 being little or no skill, 1 being seasoned security programmer.

Impact:

The potential damage caused by successful execution of the attack, 1 being revelation of trivial information about the target, 10 being superuser account compromise or equivalent.

Risk Rating:

The preceding three values are averaged to give the overall risk rating and rounded to the next highest whole number.

We have also followed the Hacking Exposed line when it comes to countermeasures, which follow each attack or series of related attacks. The countermeasure icon remains the same:

Countermeasure This Is a Countermeasure Icon

This should be a flag to draw your attention to critical-fix information.

Other Visual Aids

We've also made prolific use of visually enhanced Note, Tip, and Caution icons to highlight those nagging little details that often get overlooked.

HACKING EXPOSED WEB APPLICATIONS, 3rd Edition
ISBN: 0071740643
Year: 2006
Pages: 127