Cantitate/Preț
Produs

The Web Application Hacker′s Handbook: Finding and Exploiting Security Flaws

De (autor) ,
Notă GoodReads:
en Limba Engleză Carte Paperback – 07 Oct 2011
New technologies. New attack techniques. Start hacking. Web applications are everywhere, and they′re insecure. Banks, retailers, and others have deployed millions of applications that are full of holes, allowing attackers to steal personal data, carry out fraud, and compromise other systems. This book shows you how they do it.
This fully updated edition contains the very latest attack techniques and countermeasures, showing you how to break into today′s complex and highly functional applications. Roll up your sleeves and dig in.
  • Discover how cloud architectures and social networking have added exploitable attack surfaces to applications
  • Leverage the latest HTML features to deliver powerful cross–site scripting attacks
  • Deliver new injection exploits, including XML external entity and HTTP parameter pollution attacks
  • Learn how to break encrypted session tokens and other sensitive data found in cloud services
  • Discover how technologies like HTML5, REST, CSS and JSON can be exploited to attack applications and compromise users
  • Learn new techniques for automating attacksand dealing with CAPTCHAs and cross–site request forgery tokens
  • Steal sensitive data across domains using seemingly harmless application functions and new browser features
Find help and resources at http://mdsec.net/wahh
  • Source code for some of the scripts in the book
  • Links to tools and other resources
  • A checklist of tasks involved in most attacks
  • Answers to the questions posed in each chapter
  • Hundreds of interactive vulnerability labs
Citește tot Restrânge

Preț: 23143 lei

Preț vechi: 26505 lei
-13%

Puncte Express: 347

Preț estimativ în valută:
4728 5806$ 4128£

Carte disponibilă

Livrare economică 11-23 mai
Livrare express 27 aprilie-01 mai pentru 6885 lei

Preluare comenzi: 021 569.72.76

Specificații

ISBN-13: 9781118026472
ISBN-10: 1118026470
Pagini: 912
Dimensiuni: 187 x 233 x 43 mm
Greutate: 1.33 kg
Ediția: 2nd Edition
Editura: Wiley
Locul publicării: Hoboken, United States

Public țintă

Primary audience:  Professional web application security professionals Secondary audience: Web developers and administrators  The ideal reader for this book would be: someone with a strong interest in learning how to attack or defend web applications. Some knowledge of key security concepts, and core web technologies, would be beneficial. However, all of these will be explained in the book at the appropriate point, making the book suitable both for beginners and for readers with more experience in this area.

Textul de pe ultima copertă

New technologies. New attack techniques. Start hacking. Web applications are everywhere, and they′re insecure. Banks, retailers, and others have deployed millions of applications that are full of holes, allowing attackers to steal personal data, carry out fraud, and compromise other systems. This book shows you how they do it.
This fully updated edition contains the very latest attack techniques and countermeasures, showing you how to break into today′s complex and highly functional applications. Roll up your sleeves and dig in.
  • Discover how cloud architectures and social networking have added exploitable attack surfaces to applications
  • Leverage the latest HTML features to deliver powerful cross–site scripting attacks
  • Deliver new injection exploits, including XML external entity and HTTP parameter pollution attacks
  • Learn how to break encrypted session tokens and other sensitive data found in cloud services
  • Discover how technologies like HTML5, REST, CSS and JSON can be exploited to attack applications and compromise users
  • Learn new techniques for automating attacksand dealing with CAPTCHAs and cross–site request forgery tokens
  • Steal sensitive data across domains using seemingly harmless application functions and new browser features
Find help and resources at http://mdsec.net/wahh
  • Source code for some of the scripts in the book
  • Links to tools and other resources
  • A checklist of tasks involved in most attacks
  • Answers to the questions posed in each chapter
  • Hundreds of interactive vulnerability labs

Cuprins

Introduction xxiii Chapter 1 Web Application (In)security 1
Chapter 2 Core Defense Mechanisms 17
Chapter 3 Web Application Technologies 39
Chapter 4 Mapping the Application 73
Chapter 5 Bypassing Client–Side Controls 117
Chapter 6 Attacking Authentication 159
Chapter 7 Attacking Session Management 205
Chapter 8 Attacking Access Controls 257
Chapter 9 Attacking Data Stores 287
Chapter 10 Attacking Back–End Components 357
Chapter 11 Attacking Application Logic 405
Chapter 12 Attacking Users: Cross–Site Scripting 431
Chapter 13 Attacking Users: Other Techniques 501
Chapter 14 Automating Customized Attacks 571
Chapter 15 Exploiting Information Disclosure 615
Chapter 16 Attacking Native Compiled Applications 633
Chapter 17 Attacking Application Architecture 647
Chapter 18 Attacking the Application Server 669
Chapter 19 Finding Vulnerabilities in Source Code 701
Chapter 20 A Web Application Hacker’s Toolkit 747
Chapter 21 A Web Application Hacker’s Methodology 791
Index 853

Notă biografică

DAFYDD STUTTARD is an independent security consultant, author, and software developer specializing in penetration testing of web applications and compiled software. Under the alias PortSwigger, Dafydd created the popular Burp Suite of hacking tools. MARCUS PINTO delivers security consultancy and training on web application attack and defense to leading global organizations in the financial, government, telecom, gaming, and retail sectors.
The authors cofounded MDSec, a consulting company that provides training in attack and defense–based security.