Hacking Exposed Web Applications, Second Edition

Have a Promotion Code?

Please enter it here:

About special promotions

Great deals and more!

Sign up for special offers, exclusive discounts, and new product announcements from McGraw-Hill Professional.

SIGN UP TODAY

Other titles in LANGE Case Files


By

Joel Scambray, Mike Shema, Caleb Sima

Date

June 6, 2010

Format

Electronic book text, 520 pages

ISBN

007149104X / 9780071491044


Adobe Digital Editions® is required to view your downloaded eBooks.
 Click here to get Adobe Digital Editions
To learn more about eBooks please see our eBook FAQ.


If you're having problems installing due to firewall issues please go here:
http://kb2.adobe.com/cps/403/kb403051.html

Add to cart Save for later

$

Your Price

49.99



Overview


Main description

Implement bulletproof e-business security the proven Hacking Exposed way

Defend against the latest Web-based attacks by looking at your Web applications through the eyes of a malicious intruder. Fully revised and updated to cover the latest Web exploitation techniques, Hacking Exposed Web Applications, Second Edition shows you, step-by-step, how cyber-criminals target vulnerable sites, gain access, steal critical data, and execute devastating attacks. All of the cutting-edge threats and vulnerabilities are covered in full detail alongside real-world examples, case studies, and battle-tested countermeasures from the authors' experiences as gray hat security professionals.


Table of contents

Chapter 1: Hacking Web Apps 101Chapter 2: ProfilingChapter 3: Hacking Web PlatformsChapter 4: Attacking Web AuthenticationChapter 5: Attacking Web AuthorizationChapter 6: Input Validation AttacksChapter 7: Attacking Web DatastoresChapter 8: Attacking XML Web ServicesChapter 9: Attacking Web Application ManagementChapter 10: Hacking Web ClientsChapter 11: Denial-of-Service (DoS) AttacksChapter 12: Full-Knowledge AnalysisChapter 13: Web Application Security ScannersAPPENDIX A: WEB APPLICATION SECURITY CHECKLISTAPPENDIX B: WEB HACKING TOOLS AND TECHNIQUES CRIBSHEETAPPENDIX C: URLScan AND ModSecurityAPPENDIX D: ABOUT THE COMPANION WEB SITEINDEX


Author comments

Joel Scambray, CISSP, is a Senior Director at Microsoft Corporation, where he led Microsoft's online services security efforts for three years before joining the Windows platform group to focus on security technology development. He has more than 15 years of information security experience, including senior management roles at Ernst & Young, co-founder of Foundstone, technical consultant for Fortune 500 enterprises, and co-author of the best-selling Hacking Exposed book series.

Mike Shema, is the CSO of NT Objectives and has made web application security presentations at numerous security conferences. He has conducted security reviews for a wide variety of web technologies and developed training material for application security courses. He is also a co-author of Anti-Hacker Toolkit.

Caleb Sima, is the co-founder and CTO of SPI Dynamics, a web application security products company, and has more than 12 years of security experience. His pioneering efforts and expertise in web security have helped define the direction the web application security industry has taken. Caleb is a frequent speaker and expert resource for the press on Internet attacks and has been featured in the Associated Press. He is also a contributing author to various magazines and online columns. Caleb is a member of ISSA and is one of the founding visionaries of the Application Vulnerability Description Language (AVDL) standard within OASIS, as well as a founding member of the Web Application Security Consortium (WASC).


Back cover copy

Implement bulletproof e-business security the proven Hacking Exposed way

Defend against the latest Web-based attacks by looking at your Web applications through the eyes of a malicious intruder. Fully revised and updated to cover the latest Web exploitation techniques, Hacking Exposed Web Applications, Second Edition shows you, step-by-step, how cyber-criminals target vulnerable sites, gain access, steal critical data, and execute devastating attacks. All of the cutting-edge threats and vulnerabilities are covered in full detail alongside real-world examples, case studies, and battle-tested countermeasures from the authors' experiences as gray hat security professionals.

  • Find out how hackers use infrastructure and application profiling to perform reconnaissance and enter vulnerable systems
  • Get details on exploits, evasion techniques, and countermeasures for the most popular Web platforms, including IIS, Apache, PHP, and ASP.NET
  •  Learn the strengths and weaknesses of common Web authentication mechanisms, including password-based, multifactor, and single sign-on mechanisms like Passport
  • See how to excise the heart of any Web application's access controls through advanced session analysis, hijacking, and fixation techniques
  • Find and fix input validation flaws, including cross-site scripting (XSS), SQL injection, HTTP response splitting, encoding, and special character abuse
  • Get an in-depth presentation of the newest SQL injection techniques, including blind attacks, advanced exploitation through subqueries, Oracle exploits, and improved countermeasures
  • Learn about the latest XML Web Services hacks, Web management attacks, and DDoS attacks, including click fraud
  • Tour Firefox and IE exploits, as well as the newest socially-driven client attacks like phishing and adware

 

 




Company Info

Services

Website

Brands

Online Subscriptions

 


Copyright 2013 McGraw-Hill Global Education Holdings, LLC

WELCOME!

Before you can enjoy free downloads from McGraw-Hill Professional, we ask that you please provide your email address and country.

Happy shopping! And thank you for visiting McGraw-Hill Professional.