Hacking Exposed

Hacking Exposed

Author: Joel Scambray

Publisher: McGraw-Hill/Osborne Media

Published: 2002

Total Pages: 420

ISBN-13: 9780072224382

DOWNLOAD EBOOK

Featuring in-depth coverage of the technology platforms surrounding Web applications and Web attacks, this guide has specific case studies in the popular "Hacking Exposed" format.


Hacking Exposed Web Applications, Third Edition

Hacking Exposed Web Applications, Third Edition

Author: Joel Scambray

Publisher: McGraw Hill Professional

Published: 2010-10-22

Total Pages: 481

ISBN-13: 0071740422

DOWNLOAD EBOOK

The latest Web app attacks and countermeasures from world-renowned practitioners Protect your Web applications from malicious attacks by mastering the weapons and thought processes of today's hacker. Written by recognized security practitioners and thought leaders, Hacking Exposed Web Applications, Third Edition is fully updated to cover new infiltration methods and countermeasures. Find out how to reinforce authentication and authorization, plug holes in Firefox and IE, reinforce against injection attacks, and secure Web 2.0 features. Integrating security into the Web development lifecycle (SDL) and into the broader enterprise information security program is also covered in this comprehensive resource. Get full details on the hacker's footprinting, scanning, and profiling tools, including SHODAN, Maltego, and OWASP DirBuster See new exploits of popular platforms like Sun Java System Web Server and Oracle WebLogic in operation Understand how attackers defeat commonly used Web authentication technologies See how real-world session attacks leak sensitive data and how to fortify your applications Learn the most devastating methods used in today's hacks, including SQL injection, XSS, XSRF, phishing, and XML injection techniques Find and fix vulnerabilities in ASP.NET, PHP, and J2EE execution environments Safety deploy XML, social networking, cloud computing, and Web 2.0 services Defend against RIA, Ajax, UGC, and browser-based, client-side exploits Implement scalable threat modeling, code review, application scanning, fuzzing, and security testing procedures


Hacking Web Apps

Hacking Web Apps

Author: Mike Shema

Publisher: Newnes

Published: 2012-08-29

Total Pages: 298

ISBN-13: 159749951X

DOWNLOAD EBOOK

HTML5 -- HTML injection & cross-site scripting (XSS) -- Cross-site request forgery (CSRF) -- SQL injection & data store manipulation -- Breaking authentication schemes -- Abusing design deficiencies -- Leveraging platform weaknesses -- Browser & privacy attacks.


Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions

Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions

Author: Rich Cannings

Publisher: McGraw Hill Professional

Published: 2008-01-07

Total Pages: 290

ISBN-13: 0071595481

DOWNLOAD EBOOK

Lock down next-generation Web services "This book concisely identifies the types of attacks which are faced daily by Web 2.0 sites, and the authors give solid, practical advice on how to identify and mitigate these threats." --Max Kelly, CISSP, CIPP, CFCE, Senior Director of Security, Facebook Protect your Web 2.0 architecture against the latest wave of cybercrime using expert tactics from Internet security professionals. Hacking Exposed Web 2.0 shows how hackers perform reconnaissance, choose their entry point, and attack Web 2.0-based services, and reveals detailed countermeasures and defense techniques. You'll learn how to avoid injection and buffer overflow attacks, fix browser and plug-in flaws, and secure AJAX, Flash, and XML-driven applications. Real-world case studies illustrate social networking site weaknesses, cross-site attack methods, migration vulnerabilities, and IE7 shortcomings. Plug security holes in Web 2.0 implementations the proven Hacking Exposed way Learn how hackers target and abuse vulnerable Web 2.0 applications, browsers, plug-ins, online databases, user inputs, and HTML forms Prevent Web 2.0-based SQL, XPath, XQuery, LDAP, and command injection attacks Circumvent XXE, directory traversal, and buffer overflow exploits Learn XSS and Cross-Site Request Forgery methods attackers use to bypass browser security controls Fix vulnerabilities in Outlook Express and Acrobat Reader add-ons Use input validators and XML classes to reinforce ASP and .NET security Eliminate unintentional exposures in ASP.NET AJAX (Atlas), Direct Web Remoting, Sajax, and GWT Web applications Mitigate ActiveX security exposures using SiteLock, code signing, and secure controls Find and fix Adobe Flash vulnerabilities and DNS rebinding attacks


Hacking Exposed Mobile

Hacking Exposed Mobile

Author: Neil Bergman

Publisher: McGraw Hill Professional

Published: 2013-08-05

Total Pages: 320

ISBN-13: 0071817026

DOWNLOAD EBOOK

Proven security tactics for today's mobile apps, devices, and networks "A great overview of the new threats created by mobile devices. ...The authors have heaps of experience in the topics and bring that to every chapter." -- Slashdot Hacking Exposed Mobile continues in the great tradition of the Hacking Exposed series, arming business leaders and technology practitioners with an in-depth understanding of the latest attacks and countermeasures--so they can leverage the power of mobile platforms while ensuring that security risks are contained." -- Jamil Farshchi, Senior Business Leader of Strategic Planning and Initiatives, VISA Identify and evade key threats across the expanding mobile risk landscape. Hacking Exposed Mobile: Security Secrets & Solutions covers the wide range of attacks to your mobile deployment alongside ready-to-use countermeasures. Find out how attackers compromise networks and devices, attack mobile services, and subvert mobile apps. Learn how to encrypt mobile data, fortify mobile platforms, and eradicate malware. This cutting-edge guide reveals secure mobile development guidelines, how to leverage mobile OS features and MDM to isolate apps and data, and the techniques the pros use to secure mobile payment systems. Tour the mobile risk ecosystem with expert guides to both attack and defense Learn how cellular network attacks compromise devices over-the-air See the latest Android and iOS attacks in action, and learn how to stop them Delve into mobile malware at the code level to understand how to write resilient apps Defend against server-side mobile attacks, including SQL and XML injection Discover mobile web attacks, including abuse of custom URI schemes and JavaScript bridges Develop stronger mobile authentication routines using OAuth and SAML Get comprehensive mobile app development security guidance covering everything from threat modeling to iOS- and Android-specific tips Get started quickly using our mobile pen testing and consumer security checklists


The Web Application Hacker's Handbook

The Web Application Hacker's Handbook

Author: Dafydd Stuttard

Publisher: John Wiley & Sons

Published: 2011-03-16

Total Pages: 770

ISBN-13: 1118079612

DOWNLOAD EBOOK

This book is a practical guide to discovering and exploiting security flaws in web applications. The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications. The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results. The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger", Dafydd developed the popular Burp Suite of web application hack tools.


Hacking Exposed

Hacking Exposed

Author: Joel Scambray

Publisher: McGraw-Hill/Osborne Media

Published: 2003

Total Pages: 448

ISBN-13: 9780072230611

DOWNLOAD EBOOK

Provides coverage of the security features in Windows Server 2003. This book is useful for network professionals working with a Windows Server 2003 and/or Windows XP system.


Hacking Exposed J2EE & Java

Hacking Exposed J2EE & Java

Author: Brian Buege

Publisher: Hacking Exposed

Published: 2002

Total Pages: 464

ISBN-13:

DOWNLOAD EBOOK

J2EE is the programming language backbone of Web services from Sun Microsystems and other major software developers. This work provides instruction on how to hack proof your applications, common Java attacks, countermeasures and specific case studies. Since open-source solutions continue to gain ground in the application server market, the open-source Jboss application server and the Tomcat Web server is covered in detail in addition to the independent software vendor market leader, BEA WebLogic.


Web Application Security, A Beginner's Guide

Web Application Security, A Beginner's Guide

Author: Bryan Sullivan

Publisher: McGraw Hill Professional

Published: 2011-12-06

Total Pages: 353

ISBN-13: 0071776125

DOWNLOAD EBOOK

Security Smarts for the Self-Guided IT Professional “Get to know the hackers—or plan on getting hacked. Sullivan and Liu have created a savvy, essentials-based approach to web app security packed with immediately applicable tools for any information security practitioner sharpening his or her tools or just starting out.”—Ryan McGeehan, Security Manager, Facebook, Inc. Secure web applications from today's most devious hackers. Web Application Security: A Beginner's Guide helps you stock your security toolkit, prevent common hacks, and defend quickly against malicious attacks. This practical resource includes chapters on authentication, authorization, and session management, along with browser, database, and file security--all supported by true stories from industry. You'll also get best practices for vulnerability detection and secure development, as well as a chapter that covers essential security fundamentals. This book's templates, checklists, and examples are designed to help you get started right away. Web Application Security: A Beginner's Guide features: Lingo--Common security terms defined so that you're in the know on the job IMHO--Frank and relevant opinions based on the authors' years of industry experience Budget Note--Tips for getting security technologies and processes into your organization's budget In Actual Practice--Exceptions to the rules of security explained in real-world contexts Your Plan--Customizable checklists you can use on the job now Into Action--Tips on how, why, and when to apply new skills and techniques at work