Web Hacking: Attacks and Defense
ISBN: 0201761769
Year: 2005
Pages: 156
Authors: Stuart McClure, Saumil Shah, Shreeraj Shah
Copyright
Foreword
Introduction
We're Secure, We Have a Firewall
Book Organization
A Final Word
Acknowledgments
Contributor
Part 1: The E-Commerce Playground
Chapter 1. Web Languages: The Babylon of the 21st Century
Introduction
Languages of the Web
Java
Summary
Chapter 2. Web and Database Servers
Introduction
Web Servers
Database Servers
Summary
Chapter 3. Shopping Carts and Payment Gateways
Introduction
Evolution of the Storefront
Electronic Shopping
Shopping Cart Systems
Implementation of a Shopping Cart Application
Examples of Poorly Implemented Shopping Carts
Processing Payments
Overview of the Payment Processing System
Interfacing with a Payment Gateway: An Example
Payment System Implementation Issues
PayPal: Enabling Individuals to Accept Electronic Payments
Summary
Chapter 4. HTTP and HTTPS: The Hacking Protocols
Introduction
Protocols of the Web
Summary
Chapter 5. URL: The Web Hacker's Sword
Introduction
URL Structure
URLs and Parameter Passing
URL Encoding
Abusing URL Encoding
HTML Forms
Summary
Part 2: URLs Unraveled
Chapter 6. Web: Under (the) Cover
Introduction
The Components of a Web Application
Wiring the Components
Connecting with the Database
Specialized Web Application Servers
Identifying Web Application Components from URLs
The Basics of Technology Identification
Advanced Techniques for Technology Identification
Identifying Database Servers
Countermeasures
Summary
Chapter 7. Reading Between the Lines
Introduction
Information Leakage Through HTML
What the Browsers Don't Show You
Clues to Look For
HTML Comments
Internal and External Hyperlinks
E-Mail Addresses and Usernames
Keywords and Meta Tags
Hidden Fields
Client-Side Scripts
Automated Source Sifting Techniques
Sam Spade, Black Widow, and Teleport Pro
Summary
Chapter 8. Site Linkage Analysis
Introduction
HTML and Site Linkage Analysis
Site Linkage Analysis Methodology
Step 1: Crawling the Web Site
Step 2: Creating Logical Groups Within the Application Structure
Step 3: Analyzing Each Web Resource
Step 4: Inventorying Web Resources
Summary
Part 3: How Do They Do It?
Chapter 9. Cyber Graffiti
Introduction
Defacing Acme Travel, Inc.'s Web Site
What Went Wrong?
HTTP Brute-Forcing Tools
Countermeasures Against the Acme Travel, Inc. Hack
Summary
Chapter 10. E-Shoplifting
Introduction
Building an Electronic Store
Evolution of Electronic Storefronts
Robbing Acme Fashions, Inc.
Overhauling www.acme-fashions.com
Postmortem and Further Countermeasures
Summary
Chapter 11. Database Access
Introduction
A Used Car Dealership Is Hacked
Countermeasures
Summary
Chapter 12. Java: Remote Command Execution
Introduction
Java-Driven Technology
Attacking a Java Web Server
Identifying Loopholes in Java Application Servers
Countermeasures
Summary
Chapter 13. Impersonation
Introduction
Session Hijacking: A Stolen Identity and a Broken Date
Session Hijacking
Postmortem of the Session Hijacking Attack
Application State Diagrams
HTTP and Session Tracking
Stateless Versus Stateful Applications
Cookies and Hidden Fields
Implementing Session and State Tracking
Summary
Chapter 14. Buffer Overflows: On-the-Fly
Introduction
Buffer Overflows
Postmortem Countermeasures
Summary
Part 4: Advanced Web Kung Fu
Chapter 15. Web Hacking: Automated Tools
Introduction
Netcat
Whisker
Brutus
Achilles
Cookie Pal
Teleport Pro
Security Recommendations
Summary
Chapter 16. Worms
Introduction
Code Red Worm
Summary
Chapter 17. Beating the IDS
Introduction
IDS Basics
IDS Accuracy
Getting Past an IDS
Secure Hacking: Hacking Over SSL
Polymorphic URLs
Generating False Positives
Potential Countermeasures
Summary
Appendix A. Web and Database Port Listing
Appendix B. HTTP/1.1 and HTTP/1.0 Method and Field Definitions
Appendix C. Remote Command Execution Cheat Sheet
Appendix D. Source Code, File, and Directory Disclosure Cheat Sheet
Appendix E. Resources and Links
Appendix F. Web-Related Tools