You are previewing HACKING EXPOSED WEB APPLICATIONS, 3rd Edition.
O'Reilly logo
HACKING EXPOSED WEB APPLICATIONS, 3rd Edition

Book Description

The latest Web app attacks and countermeasures from world-renowned practitioners Protect your Web applications from malicious attacks by mastering the weapons and thought processes of today’s hacker. Written by recognized security practitioners and thought leaders, Hacking Exposed Web Applications, Third Edition is fully updated to cover new infiltration methods and countermeasures. Find out how to reinforce authentication and authorization, plug holes in Firefox and IE, reinforce against injection attacks, and secure Web 2.0 features. Integrating security into the Web development lifecycle (SDL) and into the broader enterprise information security program is also covered in this comprehensive resource.

Table of Contents

  1. Cover Page
  2. Hacking Exposed™ Web Applications: Web Application Security Secrets and Solutions
  3. Copyright Page
  4. Dedication
  5. About the Authors
  6. AT A GLANCE
  7. Contents
  8. Foreword
  9. Acknowledgments
  10. Introduction
  11. 1 Hacking Web Apps 101
    1. What Is Web Application Hacking?
      1. GUI Web Hacking
      2. URI Hacking
      3. Methods, Headers, and Body
      4. Resources
      5. Authentication, Sessions, and Authorization
      6. The Web Client and HTML
      7. Other Protocols
    2. Why Attack Web Applications?
    3. Who, When, and Where?
      1. Weak Spots
    4. How Are Web Apps Attacked?
      1. The Web Browser
      2. Browser Extensions
      3. HTTP Proxies
      4. Command-line Tools
      5. Older Tools
    5. Summary
    6. References & Further Reading
  12. 2 Profiling
    1. Infrastructure Profiling
      1. Footprinting and Scanning: Defining Scope
      2. Basic Banner Grabbing
      3. Advanced HTTP Fingerprinting
      4. Infrastructure Intermediaries
    2. Application Profiling
      1. Manual Inspection
      2. Search Tools for Profiling
      3. Automated Web Crawling
      4. Common Web Application Profiles
    3. General Countermeasures
      1. A Cautionary Note
      2. Protecting Directories
      3. Protecting include Files
      4. Miscellaneous Tips
    4. Summary
    5. References & Further Reading
  13. 3 Hacking Web Platforms
    1. Point-and-Click Exploitation Using Metasploit
    2. Manual Exploitation
    3. Evading Detection
    4. Web Platform Security Best Practices
      1. Common Best Practices
      2. IIS Hardening
      3. Apache Hardening
      4. PHP Best Practices
    5. Summary
    6. References & Further Reading
  14. 4 Attacking Web Authentication
    1. Web Authentication Threats
      1. Username/Password Threats
      2. Strong(er) Web Authentication
      3. Web Authentication Services
    2. Bypassing Authentication
      1. Token Replay
      2. Cross-site Request Forgery
      3. Identity Management
      4. Client-side Piggybacking
    3. Some Final Thoughts: Identity Theft
    4. Summary
    5. References & Further Reading
  15. 5 Attacking Web Authorization
    1. Fingerprinting Authz
      1. Crawling ACLs
      2. Identifying Access Tokens
      3. Analyzing Session Tokens
      4. Differential Analysis
      5. Role Matrix
    2. Attacking ACLS
    3. Attacking Tokens
      1. Manual Prediction
      2. Automated Prediction
      3. Capture/Replay
      4. Session Fixation
    4. Authorization Attack Case Studies
      1. Horizontal Privilege Escalation
      2. Vertical Privilege Escalation
      3. Differential Analysis
      4. When Encryption Fails
      5. Using cURL to Map Permissions
    5. Authorization Best Practices
      1. Web ACL Best Practices
      2. Web Authorization/Session Token Security
      3. Security Logs
    6. Summary
    7. References & Further Reading
  16. 6 Input Injection Attacks
    1. Expect the Unexpected
    2. Where to Find Attack Vectors
    3. Bypass Client-Side Validation Routines
    4. Common Input Injection Attacks
      1. Buffer Overflow
      2. Canonicalization (dot-dot-slash)
      3. HTML Injection
      4. Boundary Checks
      5. Manipulate Application Behavior
      6. SQL Injection
      7. XPATH Injection
      8. LDAP Injection
      9. Custom Parameter Injection
      10. Log Injection
      11. Command Execution
      12. Encoding Abuse
      13. PHP Global Variables
      14. Common Side-effects
    5. Common Countermeasures
    6. Summary
    7. References & Further Reading
  17. 7 Attacking XML Web Services
    1. What Is a Web Service?
      1. Transport: SOAP over HTTP(S)
      2. WSDL
      3. Directory Services: UDDI and DISCO
      4. Similarities to Web Application Security
    2. Attacking Web Services
    3. Web Service Security Basics
    4. Summary
    5. References & Further Reading
  18. 8 Attacking Web Application Management
    1. Remote Server Management
      1. Telnet
      2. SSH
      3. Proprietary Management Ports
      4. Other Administration Services
    2. Web Content Management
      1. FTP
      2. SSH/scp
      3. FrontPage
      4. WebDAV
    3. Misconfigurations
      1. Unnecessary Web Server Extensions
      2. Information Leakage Misconfigurations
      3. State Management Misconfiguration
    4. Summary
    5. References & Further Reading
  19. 9 Hacking Web Clients
    1. Exploits
      1. Web Client Implementation Vulnerabilities
    2. Trickery
    3. General Countermeasures
      1. Low-privilege Browsing
      2. Firefox Security Extensions
      3. ActiveX Countermeasures
      4. Server-side Countermeasures
    4. Summary
    5. References & Further Reading
  20. 10 The Enterprise Web Application Security Program
    1. Threat Modeling
      1. Clarify Security Objectives
      2. Identify Assets
      3. Architecture Overview
      4. Decompose the Application
      5. Identify and Document Threats
      6. Rank the Threats
      7. Develop Threat Mitigation Strategies
    2. Code Review
      1. Manual Source Code Review
      2. Automated Source Code Review
      3. Binary Analysis
    3. Security Testing of Web App Code
      1. Fuzzing
      2. Test Tools, Utilities, and Harnesses
      3. Pen-testing
    4. Security in the Web Development Process
      1. People
      2. Process
      3. Technology
    5. Summary
    6. References & Further Reading
  21. A Web Application Security Checklist
  22. B Web Hacking Tools and Techniques Cribsheet
  23. Index