By Joel Scambray, Caleb Sima, Vincent T. Liu
The latest web application attacks and countermeasures from world-renowned practitioners
Protect your web applications from malicious attacks by mastering the weapons and thought processes of today's hacker. Written by recognized security practitioners and thought leaders, Hacking Exposed Web Applications, Third Edition is fully updated to cover new infiltration methods and countermeasures. Find out how to reinforce authentication and authorization, plug holes in Firefox and IE, harden against injection attacks, and secure Web 2.0 features. Integrating security into the web development lifecycle (SDL) and into the broader enterprise information security program is also covered in this comprehensive resource.
* Get full details on the hacker's footprinting, scanning, and profiling tools, including SHODAN, Maltego, and OWASP DirBuster
* See new exploits of popular platforms like Sun Java System Web Server and Oracle WebLogic in operation
* Understand how attackers defeat commonly used web authentication technologies
* See how real-world session attacks leak sensitive data and how to fortify your applications
* Learn the most devastating methods used in today's hacks, including SQL injection, XSS, XSRF, phishing, and XML injection techniques
* Find and fix vulnerabilities in ASP.NET, PHP, and J2EE execution environments
* Safely deploy XML, social networking, cloud computing, and Web 2.0 services
* Defend against RIA, Ajax, UGC, and browser-based, client-side exploits
* Implement scalable threat modeling, code review, application scanning, fuzzing, and security testing procedures
Similar hacking books
Excellent intro to tools/methods used for simple hacking. Not complete for CEH prep, as they don't discuss IDS/IPS or other defensive measures at all. No coding, only tools and their usage. An easy-to-read primer.
Want to know how best to use eBay? Whether you're a newcomer or longtime user, eBay Hacks will teach you to become efficient as both a buyer and seller. You'll find a wide range of topics, from monitoring the bidding process, getting refunds, and fixing photos so that sale items look their best, to in-depth tips for running a business on eBay and writing scripts that automate some of the most tedious tasks.
Want to find every pizza place within a 15-mile radius? Where the dog parks are in a new town? The most central meeting place for your class, club or group of friends? The cheapest gas stations on a day-to-day basis? The location of convicted sex offenders in an area to which you may be considering moving?
- Internet Fraud Casebook: The World Wide Web of Deceit
- The Network Security Test Lab: A Step-by-Step Guide
- CEH v9: Certified Ethical Hacker Version 9 Study Guide
- Honeypots and Routers: Collecting Internet Attacks
Additional resources for Hacking Exposed: Web Applications (3rd Edition)
See Chapter 8 for a discussion of common attacks and countermeasures against web-based administration ports. Don’t overlook port scanning—many web applications are compromised via inappropriate services running on web servers or other servers adjacent to web application servers in the DMZ. Rather than reiterating in detail these methodologies that are only partially relevant to web application assessment, we recommend that readers interested in a more expansive discussion consult the other editions of the Hacking Exposed series (see the “References & Further Reading” section at the end of this chapter for more information), and we’ll move on to aspects of infrastructure profiling that are more directly relevant to web applications.
Figure 1-10 shows the results of overflow testing using Burp Intruder. Burp Intruder lends itself well to fuzz-testing (see Chapter 10) and denial-of-service testing using its Ignore Response mode, but it isn’t well suited for more exacting work where individual, specifically crafted insertions are required.
Google Ratproxy
Google’s announcement of the release of its first web security tool in July 2008 made waves in the security community. The utility was reportedly used internally at Google before its release, so many anticipated it would provide web security auditing capabilities at a level of sophistication and scale befitting the company that released it.
For example, if the target server uses HTTPS, a tool like SSLProxy, stunnel, or openssl is required to proxy that protocol in front of netcat (see “References & Further Reading” in this chapter for links to these utilities). As we’ve seen in this chapter, there are numerous tools that automatically handle basic HTTP/S housekeeping, which requires manual intervention when using netcat. Generally, we recommend using other tools discussed in this chapter for web app security testing.
Older Tools
HTTP hacking tools come and go and surge and wane in popularity.