Book description
In this book, we aim to describe how to make a computer bend to your will by finding and exploiting vulnerabilities specifically in Web applications. We will describe common security issues in Web applications, tell you how to find them, describe how to exploit them, and then tell you how to fix them. We will also cover how and why some hackers (the bad guys) will try to exploit these vulnerabilities to achieve their own ends. We will also try to explain how to detect if hackers are actively trying to exploit vulnerabilities in your own Web applications.
- Learn to defend Web-based applications developed with AJAX, SOAP, XML-RPC, and more.
- See why Cross Site Scripting attacks can be so devastating.
Table of contents
- Copyright
- Contributing Authors
- 1. Introduction to Web Application Hacking
  - Introduction
  - Web Application Architecture Components
  - Complex Web Application Software Components
  - Putting it all Together
  - The Web Application Hacking Methodology
  - The History of Web Application Hacking and the Evolution of Tools
    - Example 1: Manipulating the URL Directly (GET Method Form Submittal)
    - Example 2: The POST Method
    - Example 3: Man in the Middle Sockets
    - The Graphical User Interface Man in the Middle Proxy
    - Common (or Known) Vulnerability Scanners
    - Spiders and other Crawlers
    - Automated Fuzzers
    - All in One and Multi Function Tools
    - OWASP’s WebScarab Demonstration
    - Web Application Hacking Tool List
    - Security E-Mail Lists
  - Summary
- 2. Information Gathering Techniques
- 3. Introduction to Server Side Input Validation Issues
- 4. Client-Side Exploit Frameworks
- 5. Web-Based Malware
  - Introduction
  - Attacks on the Web
  - Hacking into Web Sites
  - Index Hijacking
  - DNS Poisoning (Pharming)
  - Malware and the Web: What, Where, and How to Scan
  - Parsing and Emulating HTML
  - Browser Vulnerabilities
  - Testing HTTP-scanning Solutions
  - Tangled Legal Web
  - Summary
  - Solutions Fast Track
  - Frequently Asked Questions
- 6. Web Server and Web Application Testing with BackTrack
- 7. Securing Web Based Services
  - Introduction
  - Web Security
    - Web Server Lockdown
    - Stopping Browser Exploits
    - SSL and HTTP/S
    - Instant Messaging
    - Web-based Vulnerabilities
    - Buffer Overflows
    - Making Browsers and E-mail Clients More Secure
    - Securing Web Browser Software
    - CGI
    - Break-ins Resulting from Weak CGI Scripts
    - FTP Security
    - Directory Services and LDAP Security
  - Summary
  - Solutions Fast Track
  - Frequently Asked Questions
Product information
- Title: Web Application Vulnerabilities
- Author(s):
- Release date: April 2011
- Publisher(s): Syngress
- ISBN: 9780080556642