Hack Proofing Your Web Applications
The Only Way to Stop a Hacker Is to Think Like One
- 1st Edition - June 18, 2001
- Author: Syngress
- Language: English
- Paperback ISBN: 978-1-928994-31-2
- eBook ISBN: 978-0-08-047813-5
From the authors of the bestselling Hack Proofing Your Network!
OPEC, Amazon, Yahoo! and E-bay: If these large, well-established and security-conscious web sites have problems, how can anyone be safe? How can any programmer expect to develop web applications that are secure?
Hack Proofing Your Web Applications is the only book specifically written for application developers and webmasters who write programs that are used on web sites. It covers Java applications, XML, ColdFusion, and other database applications. Most hacking books focus on catching the hackers once they've entered the site; this one shows programmers how to design tight code that will deter hackers from the word go.
Comes with up-to-the-minute web based support and a CD-ROM containing source codes and sample testing programs
Unique approach: Unlike most hacking books this one is written for the application developer to help them build less vulnerable programs
Audience: webmasters and programmers writing web applications
Foreword
Chapter 1 Hacking Methodology
Introduction
Understanding the Terms
A Brief History of Hacking
Phone System Hacking
Computer Hacking
What Motivates a Hacker
Ethical Hacking versus Malicious Hacking
Working with Security Professionals
Understanding Current Attack Types
DoS/DDoS
Virus Hacking
Stealing
Recognizing Web Application Security Threats
Hidden Manipulation
Parameter Tampering
Cross-Site Scripting
Buffer Overflow
Cookie Poisoning
Preventing Break-Ins by Thinking Like a Hacker
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 2 How to Avoid Becoming a “Code Grinder”
Introduction
What Is a Code Grinder
Following the Rules
Thinking Creatively When Coding
Allowing for Thought
Security from the Perspective of a Code Grinder
Coding in a Vacuum
Building Functional and Secure Web Applications
But My Code Is Functional
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 3 Understanding the Risks Associated with Mobile Code
Introduction
Recognizing the Impact of Mobile Code Attacks
Browser Attacks
Mail Client Attacks
Malicious Scripts or Macros
Identifying Common Forms of Mobile Code
Macro Languages: Visual Basic for Applications (VBA)
JavaScript
VBScript
Java Applets
ActiveX Controls
E-Mail Attachments and Downloaded Executables
Protecting Your System from Mobile Code Attacks
Security Applications
Web-Based Tools
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 4 Vulnerable CGI Scripts
Introduction
What Is a CGI Script, and What Does It Do
Typical Uses of CGI Scripts
When Should You Use CGI
Break-Ins Resulting from Weak CGI Scripts
How to Write “Tighter” CGI Scripts
Searchable Index Commands
CGI Wrappers
Languages for Writing CGI Scripts
Unix Shell
Perl
C/C++
Visual Basic
Advantages of Using CGI Scripts
Rules for Writing Secure CGI Scripts
Storing CGI Scripts
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 5 Hacking Techniques and Tools
Introduction
A Hacker’s Goals
Minimize the Warning Signs
Maximize the Access
Damage, Damage, Damage
Turning the Tables
The Five Phases of Hacking
Creating an Attack Map
Building an Execution Plan
Establishing a Point of Entry
Continued and Further Access
The Attack
Social Engineering
Sensitive Information
The Intentional “Back Door” Attack
Hard-Coding a Back Door Password
Exploiting Inherent Weaknesses in Code or Programming Environments
The Tools of the Trade
Hex Editors
Debuggers
Disassemblers
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 6 Code Auditing and Reverse Engineering
Introduction
How to Efficiently Trace through a Program
Auditing and Reviewing Selected Programming Languages
Reviewing Java
Reviewing Java Server Pages
Reviewing Active Server Pages
Reviewing Server Side Includes
Reviewing Python
Reviewing Tool Command Language
Reviewing Practical Extraction and Reporting Language
Reviewing PHP: Hypertext Preprocessor
Reviewing C/C++
Reviewing ColdFusion
Looking for Vulnerabilities
Getting the Data from the User
Looking for Buffer Overflows
Checking the Output Given to the User
Checking for File System Access/Interaction
Checking External Program and Code Execution
Checking Structured Query Language (SQL)/Database Queries
Checking Networking and Communication Streams
Pulling It All Together
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 7 Securing Your Java Code
Introduction
Overview of the Java Security Architecture
The Java Security Model
The Sandbox
How Java Handles Security
Class Loaders
Byte-Code Verifier
Java Protected Domains
Potential Weaknesses in Java
DoS Attack/Degradation of Service Attacks
Third-Party Trojan Horse Attacks
Coding Functional but Secure Java Applets
Message Digests
Digital Signatures
Authentication
Protecting Security with JAR Signing
Encryption
Sun Microsystems Recommendations for Java Security
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 8 Securing XML
Introduction
Defining XML
Logical Structure
Elements
XML and XSL/DTD Documents
XSL Use of Templates
XSL Use of Patterns
DTD
Creating Web Applications Using XML
The Risks Associated with Using XML
Confidentiality Concerns
Securing XML
XML Encryption
XML Digital Signatures
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 9 Building Safe ActiveX Internet Controls
Introduction
Dangers Associated with Using ActiveX
Avoiding Common ActiveX Vulnerabilities
Lessening the Impact of ActiveX Vulnerabilities
Methodology for Writing Safe ActiveX Controls
Object Safety Settings
Securing ActiveX Controls
Control Signing
Control Marking
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 10 Securing ColdFusion
Introduction
How Does ColdFusion Work
Utilizing the Benefit of Rapid Development
Understanding ColdFusion Markup Language
Preserving ColdFusion Security
Secure Development
Secure Deployment
ColdFusion Application Processing
Checking for Existence of Data
Checking Data Types
Data Evaluation
Risks Associated with Using ColdFusion
Using Error Handling Programs
Using Per-Session Tracking
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 11 Developing Security-Enabled Applications
Introduction
The Benefits of Using Security-Enabled Applications
Types of Security Used in Applications
Digital Signatures
Pretty Good Privacy
Secure Multipurpose Internet Mail Extension
Secure Sockets Layer
Digital Certificates
Reviewing the Basics of PKI
Certificate Services
Using PKI to Secure Web Applications
Implementing PKI in Your Web Infrastructure
Microsoft Certificate Services
Netscape Certificate Server
PKI for Apache Server
PKI and Secure Software Toolkits
Testing Your Security Implementation
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 12 Cradle to Grave: Working with a Security Plan
Introduction
Examining Your Code
Code Reviews
Peer-to-Peer Code Reviews
Being Aware of Code Vulnerabilities
Testing, Testing, Testing
Using Common Sense When Coding
Planning
Coding Standards
The Tools
Creating a Security Plan
Security Planning at the Network Level
Security Planning at the Application Level
Security Planning at the Desktop Level
Web Application Security Process
Summary
Solutions Fast Track
Frequently Asked Questions
Appendix Hack Proofing Your Web Applications Fast Track
Index
- No. of pages: 512
- Language: English
- Edition: 1
- Published: June 18, 2001
- Imprint: Syngress
- Paperback ISBN: 9781928994312
- eBook ISBN: 9780080478135