Developer's Guide to Web Application Security (eBook)
500 pages
Elsevier Science (Publisher)
978-0-08-050409-4 (ISBN)
This book defines Web application security, why it should be addressed earlier in the lifecycle, during development and quality assurance, and how it differs from other types of Internet security. Additionally, the book examines the procedures and technologies that are essential to developing, penetration testing and releasing a secure Web application. Through a review of recent Web application breaches, the book exposes the prolific methods hackers use to execute Web attacks using common vulnerabilities such as SQL Injection, Cross-Site Scripting and Buffer Overflows in the application layer. By taking an in-depth look at the techniques hackers use to exploit Web applications, readers will be better equipped to protect confidential.
* The Yankee Group estimates the market for Web application-security products and services will grow to $1.74 billion by 2007 from $140 million in 2002
* Author Matt Fisher is a highly sought after speaker who regularly delivers Web Application presentations at leading conferences including: Black Hat, TechnoSecurity, CanSec West, Shmoo Con, Information Security, RSA Conferences, and more
* The Companion Web site will have downloadable code and scripts presented in the book
Over 75% of network attacks are targeted at the web application layer. This book provides explicit hacks, tutorials, penetration tests, and step-by-step demonstrations for security professionals and Web application developers to defend their most vulnerable applications.
* Author Michael Cross is a highly sought after speaker who regularly delivers Web Application presentations at leading conferences including: Black Hat, TechnoSecurity, CanSec West, Shmoo Con, Information Security, RSA Conferences, and more
Front Cover 1
Developer's Guide to Web Application Security 4
Copyright Page 5
Contents 14
Chapter 1. Hacking Methodology 24
  Introduction 25
  A Brief History of Hacking 26
  What Motivates a Hacker? 30
  Understanding Current Attack Types 33
  Recognizing Web Application Security Threats 46
  Preventing Break-Ins by Thinking like a Hacker 48
  Summary 51
  Solutions Fast Track 51
  Frequently Asked Questions 55
Chapter 2. How to Avoid Becoming a Code Grinder 58
  Introduction 59
  What Is a Code Grinder? 60
  Thinking Creatively when Coding 64
  Security from the Perspective of a Code Grinder 69
  Building Functional and Secure Web Applications 72
  Summary 85
  Solutions Fast Track 86
  Frequently Asked Questions 87
Chapter 3. Understanding the Risk Associated with Mobile Code 90
  Introduction 91
  Recognizing the Impact of Mobile Code Attacks 92
  Identifying Common Forms of Mobile Code 95
  Protecting Your System from Mobile Code Attacks 126
  Summary 133
  Solutions Fast Track 133
  Frequently Asked Questions 135
Chapter 4. Vulnerable CGI Scripts 136
  Introduction 137
  What Is a CGI Script, and What Does It Do? 137
  Break-Ins Resulting from Weak CGI Scripts 146
  Languages for Writing CGI Scripts 163
  Advantages of Using CGI Scripts 166
  Rules for Writing Secure CGI Scripts 166
  Summary 172
  Solutions Fast Track 172
  Frequently Asked Questions 175
Chapter 5. Hacking Techniques and Tools 178
  Introduction 179
  A Hacker’s Goals 180
  The Five Phases of Hacking 189
  Defacing Web Sites 199
  Social Engineering 201
  The Intentional “Back Door” Attack 206
  Exploiting Inherent Weaknesses in Code or Programming Environments 209
  The Tools of the Trade 210
  Summary 215
  Solutions Fast Track 215
  Frequently Asked Questions 219
Chapter 6. Code Auditing and Reverse Engineering 222
  Introduction 223
  How to Efficiently Trace through a Program 223
  Auditing and Reviewing Selected Programming Languages 226
  Looking for Vulnerabilities 229
  Pulling It All Together 247
  Summary 248
  Solutions Fast Track 248
  Frequently Asked Questions 249
Chapter 7. Securing Your Java Code 250
  Introduction 251
  Overview of the Java Security Architecture 255
  How Java Handles Security 264
  Potential Weaknesses in Java 282
  Coding Functional but Secure Java Applets 286
  Summary 314
  Solutions Fast Track 315
  Frequently Asked Questions 316
Chapter 8. Securing XML 318
  Introduction 319
  Defining XML 319
  Creating Web Applications Using XML 330
  The Risks Associated with Using XML 334
  Securing XML 336
  Summary 344
  Solutions Fast Track 344
  Frequently Asked Questions 346
Chapter 9. Building Safe ActiveX Internet Controls 348
  Introduction 349
  Dangers Associated with Using ActiveX 349
  Methodology for Writing Safe ActiveX Controls 360
  Securing ActiveX Controls 361
  Summary 371
  Solutions Fast Track 371
  Frequently Asked Questions 374
Chapter 10. Securing ColdFusion 376
  Introduction 377
  How Does ColdFusion Work? 378
  Preserving ColdFusion Security 383
  ColdFusion Application Processing 399
  Risks Associated with Using ColdFusion 405
  Summary 413
  Solutions Fast Track 413
  Frequently Asked Questions 415
Chapter 11. Developing Security-Enabled Applications 416
  Introduction 417
  The Benefits of Using Security-Enabled Applications 417
  Types of Security Used in Applications 418
  Reviewing the Basics of PKI 433
  Using PKI to Secure Web Applications 439
  Implementing PKI in Your Web Infrastructure 440
  Testing Your Security Implementation 445
  Summary 448
  Solutions Fast Track 449
  Frequently Asked Questions 452
Chapter 12. Cradle to Grave: Working with a Security Plan 454
  Introduction 455
  Examining Your Code 456
  Being Aware of Code Vulnerabilities 461
  Using Common Sense when Coding 465
  Creating a Security Plan 471
  Summary 476
  Solutions Fast Track 477
  Frequently Asked Questions 478
Index 480
Published (per publisher) | 18.4.2011
---|---
Language | English
Subject area | Non-fiction / guide
 | Computer science ► Networks ► Security / Firewall
 | Computer science ► Theory / Study ► Cryptology
 | Mathematics / Computer science ► Computer science ► Web / Internet
 | Economics ► Business administration / Management
ISBN-10 | 0-08-050409-4 / 0080504094
ISBN-13 | 978-0-08-050409-4 / 9780080504094
Copy protection: Adobe DRM
Adobe DRM is a copy protection scheme intended to protect the eBook against misuse. The eBook is authorized to your personal Adobe ID at download time. You can then read the eBook only on devices that are also registered to your Adobe ID.
File format: PDF (Portable Document Format)
With its fixed page layout, PDF is particularly suited to technical books with columns, tables and figures. A PDF can be displayed on almost all devices, but it is only of limited use on small displays (smartphone, eReader).
System requirements:
PC/Mac: You can read this eBook on a PC or Mac. You will need a
eReader: This eBook can be read with (almost) all eBook readers. It is not, however, compatible with the Amazon Kindle.
Smartphone/Tablet: Whether Apple or Android, you can read this eBook. You will need a
Buying eBooks from abroad
For tax law reasons we can sell eBooks only within Germany and Switzerland. Regrettably we cannot fulfil eBook orders from other countries.