The web application hacker's handbook : discovering and exploiting security flaws

Title
The web application hacker's handbook : discovering and exploiting security flaws / Dafydd Stuttard, Marcus Pinto.
ISBN
9780470237984
0470237988
0470170778
9780470170779
Published
Indianapolis, IN : Wiley Pub., ©2008.
Physical Description
1 online resource (xxxii, 736 pages) : illustrations
Local Notes
Access is available to the Yale community.
Access and use
Access restricted by licensing agreement.
Summary
This handbook offers a practical guide to discovering and exploiting security flaws in web applications. The authors explain each category of vulnerability using real-world examples, screenshots, and code extracts.
Variant and related titles
O'Reilly Safari. OCLC KB.
Other formats
Print version: Stuttard, Dafydd, 1972- Web application hacker's handbook. Indianapolis, IN : Wiley Pub., ©2008
Format
Books / Online
Language
English
Added to Catalog
December 05, 2023
Bibliography
Includes bibliographical references and index.
Contents
Cover
About the Authors
Credits
Contents
Acknowledgments
Introduction
Overview of This Book
Who Should Read This Book
How This Book Is Organized
Tools You Will Need
What's on the Web Site
Bring It On
Chapter 1: Web Application (In)security
The Evolution of Web Applications
Web Application Security
Chapter Summary
Chapter 2: Core Defense Mechanisms
Handling User Access
Handling User Input
Handling Attackers
Managing the Application
Chapter Summary
Questions
Chapter 3: Web Application Technologies
The HTTP Protocol
Web Functionality
Encoding Schemes
Next Steps
Questions
Chapter 4: Mapping the Application
Enumerating Content and Functionality
Analyzing the Application
Chapter Summary
Questions
Chapter 5: Bypassing Client-Side Controls
Transmitting Data via the Client
Capturing User Data: HTML Forms
Capturing User Data: Thick-Client Components
Handling Client-Side Data Securely
Chapter Summary
Questions
Chapter 6: Attacking Authentication
Authentication Technologies
Design Flaws in Authentication Mechanisms
Implementation Flaws in Authentication
Securing Authentication
Chapter Summary
Questions
Chapter 7: Attacking Session Management
The Need for State
Weaknesses in Session Token Generation
Weaknesses in Session Token Handling
Securing Session Management
Chapter Summary
Questions
Chapter 8: Attacking Access Controls
Common Vulnerabilities
Attacking Access Controls
Securing Access Controls
Chapter Summary
Questions
Chapter 9: Injecting Code
Injecting into Interpreted Languages
Injecting into SQL
Injecting OS Commands
Injecting into Web Scripting Languages
Injecting into SOAP
Injecting into XPath
Injecting into SMTP
Injecting into LDAP
Chapter Summary
Questions
Chapter 10: Exploiting Path Traversal
Common Vulnerabilities
Finding and Exploiting Path Traversal Vulnerabilities
Preventing Path Traversal Vulnerabilities
Chapter Summary
Questions
Chapter 11: Attacking Application Logic
The Nature of Logic Flaws
Real-World Logic Flaws
Avoiding Logic Flaws
Chapter Summary
Questions
Chapter 12: Attacking Other Users
Cross-Site Scripting
Redirection Attacks
HTTP Header Injection
Frame Injection
Request Forgery
JSON Hijacking
Session Fixation
Attacking ActiveX Controls
Local Privacy Attacks
Advanced Exploitation Techniques
Chapter Summary
Questions
Chapter 13: Automating Bespoke Attacks
Uses for Bespoke Automation
Enumerating Valid Identifiers
Harvesting Useful Data
Fuzzing for Common Vulnerabilities
Putting It All Together: Burp Intruder
Chapter Summary
Questions
Chapter 14: Exploiting Information Disclosure
Exploiting Error Messages
Gathering Published Information