Hacking Exposed Web Applications, Second Edition

Joel Scambray, CISSP, is Managing Principal with Citigal as well as Co-Founder of Consciere LLC. He was previously chief strategy officer for Leviathan Security Group. He has assisted companies ranging from newly minted startups to members of the Fortune 50 in addressing information security challenges and opportunities for over a dozen years. Joel's background includes roles as an executive, technical consultant, and entrepreneur. He was a senior director at Microsoft Corporation, where he led Microsoft's online services security efforts for three years before joining the Windows platform and services division to focus on security technology architecture. Joel also co-founded security software and services startup Foundstone, Inc. He has also held positions as a Manager for Ernst & Young, Chief Strategy Officer for Leviathan, security columnist for Microsoft TechNet, Editor at Large for InfoWorld Magazine, and director of IT for a major commercial real estate firm. Joel has spoken widely on information security at forums including Black Hat, I-4, and The Asia Europe Meeting (ASEM), as well as organizations including CERT, CSI, ISSA, ISACA, SANS, private corporations, and government agencies such as the Korean Information Security Agency (KISA), FBI, and the RCMP. Joel Scambray is the co-author of all 6 editions of Hacking Exposed. He is also the lead author of Hacking Exposed Windows and Hacking Exposed Web Applications. Mike Shema is the CSO of NT Objectives and has made web application security presentations at numerous security conferences. He has conducted security reviews for a wide variety of web technologies and developed training material for application security courses. He is also a co-author of Anti-Hacker Toolkit. Caleb Sima is the co-founder and CTO of SPI Dynamics, a web application security products company, and has more than 12 years of security experience. His pioneering efforts and expertise in web security have helped define the direction the web application security industry has taken. Caleb is a frequent speaker and expert resource for the press on Internet attacks and has been featured in the Associated Press. He is also a contributing author to various magazines and online columns. Caleb is a member of ISSA and is one of the founding visionaries of the Application Vulnerability Description Language (AVDL) standard within OASIS, as well as a founding member of the Web Application Security Consortium (WASC).

Chapter 1: Hacking Web Apps 101Chapter 2: ProfilingChapter 3: Hacking Web PlatformsChapter 4: Attacking Web AuthenticationChapter 5: Attacking Web AuthorizationChapter 6: Input Validation AttacksChapter 7: Attacking Web DatastoresChapter 8: Attacking XML Web ServicesChapter 9: Attacking Web Application ManagementChapter 10: Hacking Web ClientsChapter 11: Denial-of-Service (DoS) AttacksChapter 12: Full-Knowledge AnalysisChapter 13: Web Application Security ScannersAPPENDIX A: WEB APPLICATION SECURITY CHECKLISTAPPENDIX B: WEB HACKING TOOLS AND TECHNIQUES CRIBSHEETAPPENDIX C: URLScan AND ModSecurityAPPENDIX D: ABOUT THE COMPANION WEB SITEINDEX