Hacking Exposed Web Applications, Second Edition

by Joel Scambray, Mike Shema, and Caleb Sima
Edition: 2nd
Format: Paperback
Pub. Date: 2006-06-05
Publisher(s): McGraw-Hill Osborne Media
List Price: $53.49


Summary

The second edition has been completely updated to cover:

  • New exploitation techniques
  • The latest Denial of Service attacks
  • New phishing scams
  • Leading-edge preventive website development practices

Author Biography

Joel Scambray, CISSP is a senior director in Microsoft’s MSN Security group.

Mike Shema is the chief security officer of NT OBJECTives and is regarded as one of the world’s top Web application security experts.

Caleb Sima is the cofounder and CTO of SPI Dynamics, a Web application security products company. He has been featured by the Associated Press.

Table of Contents

Entries are listed as: Section title, starting page (number of pages).

Foreword  xvii
Acknowledgments  xxi
Introduction  xxiii
Hacking Web Apps 101  1 (26)
What Is Web Application Hacking?  2 (7)
GUI Web Hacking  2 (1)
URI Hacking  3 (1)
Methods, Headers, and Body  4 (2)
Resources  6 (1)
Authentication, Sessions, and Authorization  7 (1)
The Web Client and HTML  7 (1)
Other Protocols  8 (1)
Why Attack Web Applications?  9 (1)
Who, When, and Where?  10 (1)
Weak Spots  10 (1)
How Are Web Apps Attacked?  11 (13)
The Web Browser  12 (1)
Browser Extensions  13 (4)
HTTP Proxies  17 (6)
Command-line Tools  23 (1)
Older Tools  24 (1)
Summary  24 (1)
References and Further Reading  24 (3)
Profiling  27 (52)
Infrastructure Profiling  28 (12)
Footprinting and Scanning: Defining Scope  28 (1)
Basic Banner Grabbing  29 (1)
Advanced HTTP Fingerprinting  30 (2)
Infrastructure Intermediaries  32 (8)
Application Profiling  40 (35)
Manual Inspection  41 (19)
Using Search Tools for Profiling  60 (5)
Automated Web Crawling  65 (5)
Common Web Application Profiles  70 (5)
General Countermeasures  75 (2)
A Cautionary Note  75 (1)
Protecting Directories  75 (1)
Protecting include Files  76 (1)
Miscellaneous Tips  76 (1)
Summary  77 (1)
References and Further Reading  77 (2)
Hacking Web Platforms  79 (42)
Point-and-click Exploitation Using Metasploit  81 (3)
Manual Exploitation  84 (15)
Evading Detection  99 (3)
Web Platform Security Best Practices  102 (15)
Common Best Practices  102 (2)
IIS Hardening  104 (6)
Apache Hardening  110 (5)
PHP Best Practices  115 (2)
Summary  117 (1)
References and Further Reading  117 (4)
Attacking Web Authentication  121 (38)
Web Authentication Threats  122 (24)
Username/Password Threats  122 (17)
Strong(er) Web Authentication  139 (3)
Web Authentication Services  142 (4)
Bypassing Authentication  146 (7)
Token Replay  147 (1)
Identity Management  148 (4)
Client-side Piggybacking  152 (1)
Some Final Thoughts: Identity Theft  153 (1)
Summary  153 (2)
References and Further Reading  155 (4)
Attacking Web Authorization  159 (50)
Fingerprinting Authz  161 (7)
Crawling ACLs  161 (1)
Identifying Access/Session Tokens  162 (3)
Analyzing Session Tokens  165 (1)
Differential Analysis  166 (1)
Role Matrix  167 (1)
Attacking ACLs  168 (2)
Attacking Tokens  170 (15)
Manual Prediction  170 (8)
Automated Prediction  178 (6)
Capture/Replay  184 (1)
Session Fixation  184 (1)
Authorization Attack Case Studies  185 (14)
Horizontal Privilege Escalation  186 (5)
Vertical Privilege Escalation  191 (3)
Differential Analysis  194 (2)
Using Curl to Map Permissions  196 (3)
Authorization Best Practices  199 (7)
Web ACL Best Practices  200 (2)
Web Authorization/Session Token Security  202 (3)
Security Logs  205 (1)
Summary  206 (1)
References and Further Reading  206 (3)
Input Validation Attacks  209 (26)
Expect the Unexpected  210 (2)
Where to Find Attack Vectors  212 (1)
Bypass Client-side Validation Routines  213 (1)
Common Input Validation Attacks  213 (19)
Buffer Overflow  213 (2)
Canonicalization (dot-dot-slash)  215 (5)
HTML Injection  220 (4)
Boundary Checks  224 (1)
Manipulate Application Behavior  225 (1)
SQL Injection and Datastore Attacks  226 (1)
Command Execution  226 (2)
Encoding Abuse  228 (1)
PHP Global Variables  229 (1)
Common Side-effects  230 (2)
Summary  232 (1)
References and Further Reading  233 (2)
Attacking Web Datastores  235 (32)
SQL Primer  236 (2)
Syntax  237 (1)
SELECT, INSERT, and UPDATE  237 (1)
SQL Injection Discovery  238 (9)
Syntax and Errors  238 (4)
Semantics and Behavior  242 (4)
Alternate Character Encoding  246 (1)
Exploit SQL Injection Vulnerabilities  247 (14)
Alter a Process  247 (2)
Query Alternate Data  249 (7)
Platforms  256 (5)
Other Datastore Attacks  261 (5)
Input Validation  262 (1)
Decouple Query Logic from Query Data  262 (3)
Database Encryption  265 (1)
Database Configuration  265 (1)
Summary  266 (1)
Attacking XML Web Services  267 (26)
What Is a Web Service?  268 (11)
Transport: SOAP Over HTTP(S)  269 (2)
WSDL  271 (4)
Directory Services: UDDI and DISCO  275 (4)
Similarities to Web Application Security  279 (1)
Attacking Web Services  279 (8)
Web Service Security Basics  287 (3)
Web Services Security Measures  287 (3)
Summary  290 (1)
References and Further Reading  291 (2)
Attacking Web Application Management  293 (38)
Remote Server Management  294 (3)
Telnet  294 (1)
SSH  295 (1)
Proprietary Management Ports  295 (1)
Other Administration Services  295 (2)
Web Content Management  297 (11)
FTP  297 (1)
SSH/scp  297 (1)
FrontPage  298 (3)
WebDAV  301 (7)
Admin Misconfigurations  308 (13)
Unnecessary Web Server Extensions  308 (4)
Information Leakage  312 (9)
Developer-driven Mistakes  321 (6)
Summary  327 (1)
References and Further Reading  328 (3)
Hacking Web Clients  331 (36)
Exploits  332 (14)
Trickery  346 (7)
General Countermeasures  353 (8)
IE Security Zones  354 (4)
Firefox Secure Configuration  358 (1)
Low-privilege Browsing  359 (1)
Server-side Countermeasures  360 (1)
Summary  361 (1)
References and Further Reading  361 (6)
Denial-of-Service (DoS) Attacks  367 (30)
Common DoS Attack Techniques  368 (15)
Old School DoS: Vulnerabilities  369 (1)
Modern DoS: Capacity Depletion  370 (3)
Application-layer DoS  373 (10)
General DoS Countermeasures  383 (11)
Proactive DoS Mitigation  384 (7)
Detecting DoS  391 (1)
Responding to DoS  392 (2)
Summary  394 (1)
References and Further Reading  394 (3)
Full-Knowledge Analysis  397 (38)
Threat Modeling  398 (9)
Clarify Security Objectives  400 (1)
Identify Assets  400 (1)
Architecture Overview  400 (1)
Decompose the Application  401 (3)
Identify and Document Threats  404 (1)
Rank the Threats  405 (1)
Develop Threat Mitigation Strategies  406 (1)
Code Review  407 (16)
Manual Source Code Review  408 (6)
Automated Source Code Review  414 (1)
Binary Analysis  414 (9)
Security Testing of Web App Code  423 (4)
Fuzzing  424 (2)
Test Tools, Utilities, and Harnesses  426 (1)
Pen-testing  426 (1)
Security in the Web Development Process  427 (4)
People  427 (2)
Process  429 (1)
Technology  429 (2)
Summary  431 (1)
References and Further Reading  431 (4)
Web Application Security Scanners  435 (30)
Technology: Web App Security Scanners  436 (23)
The Testbed  437 (1)
The Tests  438 (5)
Reviews of Individual Scanners  443 (12)
Overall Test Results  455 (4)
Nontechnical Issues  459 (4)
Process  459 (2)
People  461 (2)
Summary  463 (1)
References and Further Reading  463 (2)
A. Web Application Security Checklist  465 (6)
B. Web Hacking Tools and Techniques Cribsheet  471 (12)
C. URLScan and ModSecurity  483 (24)
URLScan  484 (16)
Basic URLScan Deployment (IIS5.x and Earlier)  485 (7)
Advanced URLScan Configuration  492 (5)
Managing URLScan  497 (3)
ModSecurity  500 (5)
ModSecurity Installation  500 (1)
ModSecurity Configuration  501 (4)
Summary  505 (1)
References and Further Reading  505 (2)
D. About the Companion Web Site  507 (2)
Index  509
