
HackNotes Web Security Pocket Reference

by Mike Shema

  • ISBN13: 9780072227840
  • ISBN10: 0072227842
  • Edition: 1st
  • Format: Paperback
  • Copyright: 2003-06-25
  • Publisher: McGraw-Hill Osborne Media

Note: Supplemental materials are not guaranteed with Rental or Used book purchases.

List Price: $29.99
Buy Used: $22.49

Summary

Let consultant, trainer, and author Mike Shema show you how to guard against standard and uncommon network penetration methodologies and eliminate susceptibility to e-commerce hacking. Plus, learn to bolster Web application security and secure vulnerable hacking function areas.

Table of Contents

Acknowledgments xiii
Hacknotes: The Series xv
Introduction xix

Reference Center
    Application Assessment Methodology Checklist RC2
    HTTP Protocol Notes RC10
    Input Validation Tests RC13
    Common Web-Related Ports and Applications RC16
    Quick-Reference Command Techniques RC18
    Application Default Accounts and Configuration Files RC21
    "Wargling" Search Terms RC22
    IIS Metabase Settings and Recommendations RC23
    Online References RC28
    Useful Tools RC30

Part I Hacking Techniques & Defenses

1 Web Hacking & Penetration Methodologies 3(20)
    Threats and Vulnerabilities 4(1)
    Profiling the Platform 5(4)
    Profiling the Application 9(12)
    Summary 21(2)

2 Critical Hacks & Defenses 23(52)
    Generic Input Validation 25(4)
    Common Vectors 27(1)
    Source Disclosure 28(1)
    Character Encoding 29(3)
    URL Encoding (Escaped Characters) 29(1)
    Unicode 30(2)
    Alternate Request Methods 32(1)
    SQL Injection 33(15)
    Microsoft SQL Server 39(3)
    Oracle 42(2)
    MySQL 44(2)
    PostgreSQL 46(1)
    Putting It Together 47(1)
    Cross-Site Scripting 48(2)
    Token Analysis 50(5)
    Finding Tokens 50(1)
    Encoded vs. Encrypted 51(4)
    Pattern Analysis 55(1)
    Session Attacks 55(8)
    Session Correlation 61(2)
    XML-Based Services 63(2)
    Attacking XML 64(1)
    Fundamental Application Defenses 65(1)
    Input Validation 65(7)
    Summary 72(3)

Part II Host Assessment & Hardening

3 Platform Assessment Methodology 75(24)
    Vulnerability Scanners 76(10)
    Whisker and LibWhisker 76(2)
    Nikto 78(3)
    Nessus 81(5)
    Assessment Tools 86(8)
    Achilles 86(1)
    WebProxy 2.1 87(4)
    Curl 91(3)
    Replaying Requests 94(4)
    Summary 98(1)

4 Assessment & Hardening Checklists 99(22)
    An Overview of Web Servers 100(1)
    Log File Checklist 101(1)
    Apache 101(9)
    Compile-Time Options 101(5)
    Configuration File: httpd.conf 106(4)
    IIS 110(7)
    Adsutil.vbs and the Metabase 110(2)
    Accounts 112(1)
    File Security 112(4)
    Logging 116(1)
    IIS Lockdown Utility (iislockd.exe) 116(1)
    Summary 117(4)

Part III Special Topics

5 Web Server Security & Analysis 121(18)
    Web Server Log Analysis 122(7)
    Proxies 129(1)
    Load Balancers 130(2)
    The Scope of an Attack 132(5)
    Read or Write Access to the File System 132(1)
    Arbitrary Command Execution 132(5)
    Summary 137(2)

6 Secure Coding 139(12)
    Secure Programming 140(4)
    Language-Specific Items 144(5)
    Java 144(2)
    ASP 146(1)
    Perl 147(1)
    PHP 148(1)
    Summary 149(2)

A 7-Bit ASCII Reference 151(8)

B Web Application Scapegoat 159(6)
    Installing WebGoat 160(1)
    Using WebGoat 161(4)

Index 165

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.
