Book description
"Both novice and seasoned readers will come away with an increased understanding of how Web hacking occurs and enhanced skill at developing defenses against such Web attacks. Technologies covered include Web languages and protocols, Web and database servers, payment systems and shopping carts, and critical vulnerabilities associated with URLs. This book is a virtual battle plan that will help you identify and eliminate threats that could take your Web site off line..."
--From the Foreword by William C. Boni, Chief Information Security Officer, Motorola
"Just because you have a firewall and IDS sensor does not mean you are secure; this book shows you why."
--Lance Spitzner, Founder, The Honeynet Project
Whether it's petty defacing or full-scale cyber robbery, hackers are moving to the Web along with everyone else. Organizations using Web-based business applications are increasingly at risk. Web Hacking: Attacks and Defense is a powerful guide to the latest information on Web attacks and defense. Security experts Stuart McClure (lead author of Hacking Exposed), Saumil Shah, and Shreeraj Shah present a broad range of Web attacks and defense.
Features include:
Overview of the Web and what hackers go after
Complete Web application security methodologies
Detailed analysis of hack techniques
Countermeasures
What to do at development time to eliminate vulnerabilities
New case studies and eye-opening attack scenarios
Advanced Web hacking concepts, methodologies, and tools
"How Do They Do It?" sections show how and why different attacks succeed, including:
Cyber graffiti and Web site defacements
e-Shoplifting
Database access and Web applications
Java™ application servers; how to harden your Java™ Web Server
Impersonation and session hijacking
Buffer overflows, the most wicked of attacks
Automated attack tools and worms
Appendices include a listing of Web and database ports, cheat sheets for remote command execution, and source code disclosure techniques.
Web Hacking informs from the trenches. Experts show you how to connect the dots--how to put the stages of a Web hack together so you can best defend against them. Written for maximum brain absorption with unparalleled technical content and battle-tested analysis, Web Hacking will help you combat potentially costly security threats and attacks.
Table of contents
- Copyright
- Foreword
- Introduction
- Part 1. The E-Commerce Playground
  - 1. Web Languages: The Babylon of the 21st Century
  - 2. Web and Database Servers
  - 3. Shopping Carts and Payment Gateways
    - Introduction
    - Evolution of the Storefront
    - Electronic Shopping
    - Shopping Cart Systems
    - Implementation of a Shopping Cart Application
    - Examples of Poorly Implemented Shopping Carts
    - Processing Payments
    - Overview of the Payment Processing System
    - Interfacing with a Payment Gateway—An Example
    - Payment System Implementation Issues
    - PayPal—Enabling Individuals to Accept Electronic Payments
    - Summary
  - 4. HTTP and HTTPS: The Hacking Protocols
  - 5. URL: The Web Hacker's Sword
- Part 2. URLs Unraveled
  - 6. Web: Under (the) Cover
    - Introduction
    - The Components of a Web Application
    - Wiring the Components
    - Connecting with the Database
    - Specialized Web Application Servers
    - Identifying Web Application Components from URLs
    - The Basics of Technology Identification
    - Examples
      - URL: http://www1.example.com/homepage.nsf?Open
      - URL: http://www2.example.com/software/buy.jhtml;jsessionid=ZYQFN5WHKORD5QFIAE0SFFGAVAAUIIV0
      - URL: http://www3.example.com/cgi-bin/ncommerce3/ExecMacro/webstore/home.d2w/report
      - URL: http://www4.example.com/category.jsp?id=21&StoreSession=PC1qNwwm0xqCFOWHZcYxZaZ21laYQEfOetnSjrYtrsxSC1V7b|3886513130244820/167838525/6/7001/7001/7002/7002/7001/-1
      - URL: http://www5.example.com/site/index/0,10017,2578,00.html
    - More Examples
    - Examples
    - Advanced Techniques for Technology Identification
    - Examples
      - URL: http://www8.example.com/webapp/wcs/stores/servlet/Display?storeId=10001&langId=-1&catalogId=10001&categoryId=10052&clearance=0&catTree=10052
      - URL: https://www9.example.com/OA_HTML/store.jsp?section=101&prod_ses=j=4081:Guest:US:jtfpfalse:jtfpi-1:671:504:75123~zv=75123~zs=t~zp=504~zo=2~zm=101~zj=Guest~zi=504
    - Examples
    - Identifying Database Servers
    - Countermeasures
    - Summary
  - 7. Reading Between the Lines
    - Introduction
    - Information Leakage Through HTML
    - What the Browsers Don't Show You
    - Clues to Look For
    - HTML Comments
    - Internal and External Hyperlinks
    - E-Mail Addresses and Usernames
    - Keywords and Meta Tags
    - Hidden Fields
    - Client-Side Scripts
    - Automated Source Sifting Techniques
    - Sam Spade, Black Widow, and Teleport Pro
    - Summary
  - 8. Site Linkage Analysis
- Part 3. How Do They Do It?
  - 9. Cyber Graffiti
  - 10. E-Shoplifting
  - 11. Database Access
  - 12. Java: Remote Command Execution
  - 13. Impersonation
  - 14. Buffer Overflows: On-the-Fly
- Part 4. Advanced Web Kung Fu
- A. Web and Database Port Listing
- B. HTTP/1.1 and HTTP/1.0 Method and Field Definitions
- C. Remote Command Execution Cheat Sheet
- D. Source Code, File, and Directory Disclosure Cheat Sheet
- E. Resources and Links
- F. Web-Related Tools
Product information
- Title: Web Hacking: Attacks and Defense
- Author(s): Stuart McClure, Saumil Shah, Shreeraj Shah
- Release date: August 2002
- Publisher(s): Addison-Wesley Professional
- ISBN: 0201761769