Flylib.com
Web Hacking: Attacks and Defense
Web Hacking: Attacks and Defense
ISBN: 0201761769
EAN: 2147483647
Year: 2005
Pages: 156
Authors:
Stuart McClure
,
Saumil Shah
,
Shreeraj Shah
BUY ON AMAZON
Copyright
Foreword
Introduction
We re Secure, We Have a Firewall
Book Organization
A Final Word
Acknowledgments
Contributor
Part 1: The E-Commerce Playground
Chapter 1. Web Languages: The Babylon of the 21st Century
Introduction
Languages of the Web
Java
Summary
Chapter 2. Web and Database Servers
Introduction
Web Servers
Database Servers
Summary
Chapter 3. Shopping Carts and Payment Gateways
Introduction
Evolution of the Storefront
Electronic Shopping
Shopping Cart Systems
Implementation of a Shopping Cart Application
Examples of Poorly Implemented Shopping Carts
Processing Payments
Overview of the Payment Processing System
Interfacing with a Payment GatewayAn Example
Payment System Implementation Issues
PayPalEnabling Individuals to Accept Electronic Payments
Summary
Chapter 4. HTTP and HTTPS: The Hacking Protocols
Introduction
Protocols of the Web
Summary
Chapter 5. URL: The Web Hacker s Sword
Introduction
URL Structure
URLs and Parameter Passing
URL Encoding
Abusing URL Encoding
HTML Forms
Summary
Part 2: URLs Unraveled
Chapter 6. Web: Under (the) Cover
Introduction
The Components of a Web Application
Wiring the Components
Connecting with the Database
Specialized Web Application Servers
Identifying Web Application Components from URLs
The Basics of Technology Identification
Advanced Techniques for Technology Identification
Identifying Database Servers
Countermeasures
Summary
Chapter 7. Reading Between the Lines
Introduction
Information Leakage Through HTML
What the Browsers Don t Show You
Clues to Look For
HTML Comments
Internal and External Hyperlinks
E-Mail Addresses and Usernames
Keywords and Meta Tags
Hidden Fields
Client-Side Scripts
Automated Source Sifting Techniques
Sam Spade, Black Widow, and Teleport Pro
Summary
Chapter 8. Site Linkage Analysis
Introduction
HTML and Site Linkage Analysis
Site Linkage Analysis Methodology
Step 1: Crawling the Web Site
Step 2: Creating Logical Groups Within the Application Structure
Step 3: Analyzing Each Web Resource
Step 4: Inventorying Web Resources
Summary
Part 3: How Do They Do It?
Chapter 9. Cyber Graffiti
Introduction
Defacing Acme Travel, Inc. s Web Site
What Went Wrong?
HTTP Brute-Forcing Tools
Countermeasures Against the Acme Travel, Inc. Hack
Summary
Chapter 10. E-Shoplifting
Introduction
Building an Electronic Store
Evolution of Electronic Storefronts
Robbing Acme Fashions, Inc.
Overhauling www.acme-fashions.com
Postmortem and Further Countermeasures
Summary
Chapter 11. Database Access
Introduction
A Used Car Dealership Is Hacked
Countermeasures
Summary
Chapter 12. Java: Remote Command Execution
Introduction
Java-Driven Technology
Attacking a Java Web Server
Identifying Loopholes in Java Application Servers
Countermeasures
Summary
Chapter 13. Impersonation
Introduction
Session Hijacking: A Stolen Identity and a Broken Date
Session Hijacking
Postmortem of the Session Hijacking Attack
Application State Diagrams
HTTP and Session Tracking
Stateless Versus Stateful Applications
Cookies and Hidden Fields
Implementing Session and State Tracking
Summary
Chapter 14. Buffer Overflows: On-the-Fly
Introduction
Buffer Overflows
Postmortem Countermeasures
Summary
Part 4: Advanced Web Kung Fu
Chapter 15. Web Hacking: Automated Tools
Introduction
Netcat
Whisker
Brutus
Achilles
Cookie Pal
Teleport Pro
Security Recommendations
Summary
Chapter 16. Worms
Introduction
Code Red Worm
Summary
Chapter 17. Beating the IDS
Introduction
IDS Basics
IDS Accuracy
Getting Past an IDS
Secure HackingHacking Over SSL
Polymorphic URLs
Generating False Positives
Potential Countermeasures
Summary
Appendix A. Web and Database Port Listing
Appendix B. HTTP1.1 and HTTP1.0 Method and Field Definitions
Appendix C. Remote Command Execution Cheat Sheet
Appendix D. Source Code, File, and Directory Disclosure Cheat Sheet
Appendix E. Resources and Links
Appendix F. Web-Related Tools
Web Hacking: Attacks and Defense
ISBN: 0201761769
EAN: 2147483647
Year: 2005
Pages: 156
Authors:
Stuart McClure
,
Saumil Shah
,
Shreeraj Shah
BUY ON AMAZON
ADO.NET 3.5 Cookbook (Cookbooks (OReilly))
Setting Connection Pooling Options
Filtering and Sorting Data
Determining the Differences in Data Between Two DataSet Objects
Maintaining Database Integrity
Caching Data
OpenSSH: A Survival Guide for Secure Shell Handling (Version 1.0)
Step 4.2 Passphrase Considerations
Step 4.3 How to Generate a Key Pair Using OpenSSH
Step 4.7 Using Public Key Authentication for Automated File Transfers
Step 5.1 General Troubleshooting
Step 6.2 Using Port Forwarding Within PuTTY to Read Your E-mail Securely
Metrics and Models in Software Quality Engineering (2nd Edition)
Total Quality Management
Some Basic Measures
Reliability Growth Models
Productivity Metrics
The Preparation Phase
Image Processing with LabVIEW and IMAQ Vision
NI Vision Builder for Automated Inspection
Color Images
Frame Grabbing
Image Focus Quality
Application Examples
Pocket Guide to the National Electrical Code(R), 2005 Edition (8th Edition)
Article 310 Conductors for General Wiring
Article 358 Electrical Metallic Tubing Type EMT
Article 700 Emergency Systems
Article 702 Optional Standby Systems
Example No. D1(a) One-Family Dwelling
Professional Struts Applications: Building Web Sites with Struts ObjectRelational Bridge, Lucene, and Velocity (Experts Voice)
The Challenges of Web Application Development
Creating a Struts-based MVC Application
Form Presentation and Validation with Struts
Building a Data Access Tier with ObjectRelationalBridge
Building the JavaEdge Application with Ant and Anthill
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy
This website uses cookies. Click
here
to find out more.
Accept cookies