Hacking Web Apps
Detecting and Preventing Web Application Security Problems
- 1st Edition - August 29, 2012
- Imprint: Syngress
- Author: Mike Shema
- Language: English
- Paperback ISBN:9 7 8 - 1 - 5 9 7 4 9 - 9 5 1 - 4
- eBook ISBN:9 7 8 - 1 - 5 9 7 4 9 - 9 5 6 - 9
How can an information security professional keep up with all of the hacks, attacks, and exploits on the Web? One way is to read Hacking Web Apps. The content for this book has… Read more
Purchase options
Institutional subscription on ScienceDirect
Request a sales quoteHow can an information security professional keep up with all of the hacks, attacks, and exploits on the Web? One way is to read Hacking Web Apps. The content for this book has been selected by author Mike Shema to make sure that we are covering the most vicious attacks out there. Not only does Mike let you in on the anatomy of these attacks, but he also tells you how to get rid of these worms, trojans, and botnets and how to defend against them in the future. Countermeasures are detailed so that you can fight against similar attacks as they evolve.
Attacks featured in this book include:
• SQL Injection
• Cross Site Scripting
• Logic Attacks
• Server Misconfigurations
• Predictable Pages
• Web of Distrust
• Breaking Authentication Schemes
• HTML5 Security Breaches
• Attacks on Mobile Apps
Even if you don’t develop web sites or write HTML, Hacking Web Apps can still help you learn how sites are attacked—as well as the best way to defend against these attacks. Plus, Hacking Web Apps gives you detailed steps to make the web browser – sometimes your last line of defense – more secure.
- More and more data, from finances to photos, is moving into web applications. How much can you trust that data to be accessible from a web browser anywhere and safe at the same time?
- Some of the most damaging hacks to a web site can be executed with nothing more than a web browser and a little knowledge of HTML.
- Learn about the most common threats and how to stop them, including HTML Injection, XSS, Cross Site Request Forgery, SQL Injection, Breaking Authentication Schemes, Logic Attacks, Web of Distrust, Browser Hacks and many more.
Information Security professionals of all levels, web application developers, recreational hackers.
About the Author
Acknowledgements
Introduction
Book Overview and Key Learning Points
Book Audience
How This Book is Organized
Where to Go From Here
Chapter 1. HTML5
The New Document Object Model (DOM)
Cross-Origin Resource Sharing (CORS)
WebSockets
Web Storage
Web Workers
Flotsam & Jetsam
Summary
Chapter 2. HTML Injection & Cross-Site Scripting (XSS)
Understanding HTML Injection
Employing Countermeasures
Summary
Chapter 3. Cross-Site Request Forgery (CSRF)
Understanding Cross-Site Request Forgery
Employing Countermeasures
Summary
Chapter 4. SQL Injection & Data Store Manipulation
Understanding SQL Injection
Hacking Tangents: Mathematical and Grammatical
Breaking SQL Statements
Vivisecting the Database
Employing Countermeasures
Summary
Chapter 5. Breaking Authentication Schemes
Understanding Authentication Attacks
Employing Countermeasures
Summary
Chapter 6. Abusing Design Deficiencies
Understanding Logic & Design Attacks
Employing Countermeasures
Summary
Chapter 7. Leveraging Platform Weaknesses
Understanding the Attacks
Employing Countermeasures
Summary
Chapter 8. Browser & Privacy Attacks
Understanding Malware and Browser Attacks
Employing Countermeasures
Summary
Index
- Edition: 1
- Published: August 29, 2012
- No. of pages (Paperback): 296
- No. of pages (eBook): 296
- Imprint: Syngress
- Language: English
- Paperback ISBN: 9781597499514
- eBook ISBN: 9781597499569
MS
Mike Shema
Mike Shema develops web application security solutions at Qualys, Inc. His current work is focused on an automated web assessment service. Mike previously worked as a security consultant and trainer for Foundstone where he conducted information security assessments across a range of industries and technologies. His security background ranges from network penetration testing, wireless security, code review, and web security. He is the co-author of Hacking Exposed: Web Applications, The Anti-Hacker Toolkit and the author of Hack Notes: Web Application Security. In addition to writing, Mike has presented at security conferences in the U.S., Europe, and Asia.
Affiliations and expertise
Web Application Security Solutions, Qualys, Inc.Read Hacking Web Apps on ScienceDirect