Web Hacking: Attacks and Defense
Web Hacking: Attacks and Defense
ISBN: 0201761769
EAN: 2147483647
EAN: 2147483647
Year: 2005
Pages: 156
Pages: 156
- Copyright
- Foreword
- Introduction
- We re Secure, We Have a Firewall
- Book Organization
- A Final Word
- Acknowledgments
- Contributor
- Part 1: The E-Commerce Playground
- Chapter 1. Web Languages: The Babylon of the 21st Century
- Introduction
- Languages of the Web
- Java
- Summary
- Chapter 2. Web and Database Servers
- Introduction
- Web Servers
- Database Servers
- Summary
- Chapter 3. Shopping Carts and Payment Gateways
- Introduction
- Evolution of the Storefront
- Electronic Shopping
- Shopping Cart Systems
- Implementation of a Shopping Cart Application
- Examples of Poorly Implemented Shopping Carts
- Processing Payments
- Overview of the Payment Processing System
- Interfacing with a Payment GatewayAn Example
- Payment System Implementation Issues
- PayPalEnabling Individuals to Accept Electronic Payments
- Summary
- Chapter 4. HTTP and HTTPS: The Hacking Protocols
- Introduction
- Protocols of the Web
- Summary
- Chapter 5. URL: The Web Hacker s Sword
- Introduction
- URL Structure
- URLs and Parameter Passing
- URL Encoding
- Abusing URL Encoding
- HTML Forms
- Summary
- Part 2: URLs Unraveled
- Chapter 6. Web: Under (the) Cover
- Introduction
- The Components of a Web Application
- Wiring the Components
- Connecting with the Database
- Specialized Web Application Servers
- Identifying Web Application Components from URLs
- The Basics of Technology Identification
- Advanced Techniques for Technology Identification
- Identifying Database Servers
- Countermeasures
- Summary
- Chapter 7. Reading Between the Lines
- Introduction
- Information Leakage Through HTML
- What the Browsers Don t Show You
- Clues to Look For
- HTML Comments
- Internal and External Hyperlinks
- E-Mail Addresses and Usernames
- Keywords and Meta Tags
- Hidden Fields
- Client-Side Scripts
- Automated Source Sifting Techniques
- Sam Spade, Black Widow, and Teleport Pro
- Summary
- Chapter 8. Site Linkage Analysis
- Introduction
- HTML and Site Linkage Analysis
- Site Linkage Analysis Methodology
- Step 1: Crawling the Web Site
- Step 2: Creating Logical Groups Within the Application Structure
- Step 3: Analyzing Each Web Resource
- Step 4: Inventorying Web Resources
- Summary
- Part 3: How Do They Do It?
- Chapter 9. Cyber Graffiti
- Introduction
- Defacing Acme Travel, Inc. s Web Site
- What Went Wrong?
- HTTP Brute-Forcing Tools
- Countermeasures Against the Acme Travel, Inc. Hack
- Summary
- Chapter 10. E-Shoplifting
- Introduction
- Building an Electronic Store
- Evolution of Electronic Storefronts
- Robbing Acme Fashions, Inc.
- Overhauling www.acme-fashions.com
- Postmortem and Further Countermeasures
- Summary
- Chapter 11. Database Access
- Introduction
- A Used Car Dealership Is Hacked
- Countermeasures
- Summary
- Chapter 12. Java: Remote Command Execution
- Introduction
- Java-Driven Technology
- Attacking a Java Web Server
- Identifying Loopholes in Java Application Servers
- Countermeasures
- Summary
- Chapter 13. Impersonation
- Introduction
- Session Hijacking: A Stolen Identity and a Broken Date
- Session Hijacking
- Postmortem of the Session Hijacking Attack
- Application State Diagrams
- HTTP and Session Tracking
- Stateless Versus Stateful Applications
- Cookies and Hidden Fields
- Implementing Session and State Tracking
- Summary
- Chapter 14. Buffer Overflows: On-the-Fly
- Introduction
- Buffer Overflows
- Postmortem Countermeasures
- Summary
- Part 4: Advanced Web Kung Fu
- Chapter 15. Web Hacking: Automated Tools
- Introduction
- Netcat
- Whisker
- Brutus
- Achilles
- Cookie Pal
- Teleport Pro
- Security Recommendations
- Summary
- Chapter 16. Worms
- Introduction
- Code Red Worm
- Summary
- Chapter 17. Beating the IDS
- Introduction
- IDS Basics
- IDS Accuracy
- Getting Past an IDS
- Secure HackingHacking Over SSL
- Polymorphic URLs
- Generating False Positives
- Potential Countermeasures
- Summary
- Appendix A. Web and Database Port Listing
- Appendix B. HTTP1.1 and HTTP1.0 Method and Field Definitions
- Appendix C. Remote Command Execution Cheat Sheet
- Appendix D. Source Code, File, and Directory Disclosure Cheat Sheet
- Appendix E. Resources and Links
- Appendix F. Web-Related Tools
Web Hacking: Attacks and Defense
ISBN: 0201761769
EAN: 2147483647
EAN: 2147483647
Year: 2005
Pages: 156
Pages: 156