Hacker Web Exploition Uncovered
- Hacker Web Exploitation Uncovered
- Back Cover
- About
- Introduction
- To the Reader
- Chapter 1: The Internet Is a Hostile Environment
- Chapter 2: Vulnerabilities in Scripts
- Vulnerabilities Specific to PHP Scripts
- Errors Specific to Perl Scripts
- Errors Not Specific to a Particular Programming Language
- Chapter 3: SQL Injection
- Looking for Vulnerabilities
- Investigating Queries
- MySQL
- Other Types of Database Servers
- Conclusion
- Chapter 4: Secure Authorization and Authentication
- Logging In
- Changing the Appearance of HTML Pages
- HTTP Basic Authentication
- HTTPS
- Methods for Strengthening Protection
- Recovery of a Password
- Well-Designed Protection
- Conclusion
- Chapter 5: XSS and Stolen Cookies
- Basics
- The Danger of the Vulnerability
- Changing the Appearance of HTML Pages
- Sending Data with JavaScript
- Solving Problems
- Obtaining Users Cookies
- Collecting Statistics
- Performing Concealed Actions on Behalf of the Administrator
- Fixing a Session
- An Event-Processing Vulnerability
- Embedding JavaScript Code into the Address Line
- Avoiding the XSS Vulnerability
- Chapter 6: The Myth about Secure Configuration
- Secure PHP Settings
- The Apache mod_security Module
- Methods for Passive Analysis and Circumvention
- HTML Restrictions
- Log Files and Detecting the Attacker
- Conclusion
- Chapter 7: Shared Hosting and Security Issues
- Accessing System Owners Files
- Files and the Web Server
- Hosting and Databases
- The Problem with Disclosed Code
- The Attacker s Point of View
- Conclusion
- Chapter 8: A Conceptual Virus
- Getting Started
- An Overview of Existing Viruses
- The Search
- The Infection
- Conclusion
- Appendix 1: CD-ROM Contents
- Installing Software from the CD-ROM
- Appendix 2: Investigation Tasks
- Task 1
- Task 2
- Task 3
- Task 4
- Task 5
- Task 6
- Appendix 3: Solutions
- Task 1
- Task 2
- Task 3
- Task 4
- Task 5
- Task 6
- Conclusion
- CD Content