Web Application Defender's Cookbook : Battling Hackers and Protecting Users.

Mostrar otras versiones (2)

Defending your web applications against hackers and attackers The top-selling book Web Application Hacker's Handbook showed how attackers and hackers identify and attack vulnerable live web applications. This new Web Application Defender's Cookbook is the perfect counterpoint to that book:...

Descripción completa

Detalles Bibliográficos
Clasificación:Libro Electrónico
Autor principal: Barnett, Ryan C.
Formato: Electrónico eBook
Idioma:Inglés
Publicado: Indianapolis, Ind. : Wiley Pub., Inc., 2013.
Edición:1. ed.
Temas:
Computer security.
Computer crimes > Prevention.
Computer networks > Security measures.
Hackers.
Sécurité informatique.
Réseaux d'ordinateurs > Sécurité > Mesures.
Pirates informatiques.
COMPUTERS > Internet > Security.
COMPUTERS > Networking > Security.
COMPUTERS > Security > General.
Computer crimes > Prevention
Hackers
Computer networks > Security measures
Computer security
Acceso en línea:Texto completo
Texto completo
Tabla de Contenidos:
  • Cover; Part I: Preparing the Battle Space; Chapter 1: Application Fortification; Recipe 1-1: Real-time Application Profiling; Recipe 1-2: Preventing Data Manipulation with Cryptographic Hash Tokens; Recipe 1-3: Installing the OWASP ModSecurity Core Rule Set (CRS); Recipe 1-4: Integrating Intrusion Detection System Signatures; Recipe 1-5: Using Bayesian Attack Payload Detection; HTTP Audit Logging; Recipe 1-6: Enable Full HTTP Audit Logging; Recipe 1-7: Logging Only Relevant Transactions; Recipe 1-9: Obscuring Sensitive Data in Logs.
  • Recipe 1-10: Sending Alerts to a Central Log Host Using SyslogRecipe 1-11: Using the ModSecurity AuditConsole; Recipe 1-8: Ignoring Requests for Static Content; Chapter 2: Vulnerability Identification and Remediation; Internally Developed Applications; Externally Developed Applications; Virtual Patching; Recipe 2-1: Passive Vulnerability Identification; Active Vulnerability Identification; Recipe 2-2: Active Vulnerability Identification; Manual Vulnerability Remediation; Recipe 2-3: Manual Scan Result Conversion; Recipe 2-4: Automated Scan Result Conversion.
  • Recipe 2-5: Real-time Resource Assessments and Virtual PatchingChapter 3: Poisoned Pawns (Hacker Traps); Honeytrap Concepts; Recipe 3-1: Adding Honeypot Ports; Recipe 3-2: Adding Fake robots.txt Disallow Entries; Recipe 3-3: Adding Fake HTML Comments; Recipe 3-4: Adding Fake Hidden Form Fields; Recipe 3-5: Adding Fake Cookies; Part II: Asymmetric Warfare; Chapter 4: Reputation and Third-Party Correlation; Suspicious Source Identification; Recipe 4-1: Analyzing the Client's Geographic Location Data; Recipe 4-2: Identifying Suspicious Open Proxy Usage.
  • Recipe 4-3: Utilizing Real-time Blacklist Lookups (RBL)Recipe 4-4: Running Your Own RBL; Recipe 4-5: Detecting Malicious Links; Chapter 5: Request Data Analysis; Request Data Acquisition; Recipe 5-1: Request Body Access; Recipe 5-2: Identifying Malformed Request Bodies; Recipe 5-3: Normalizing Unicode; Recipe 5-4: Identifying Use of Multiple Encodings; Recipe 5-5: Identifying Encoding Anomalies; Input Validation Anomalies; Recipe 5-6: Detecting Request Method Anomalies; Recipe 5-7: Detecting Invalid URI Data; Recipe 5-8: Detecting Request Header Anomalies.
  • Recipe 5-9: Detecting Additional ParametersRecipe 5-10: Detecting Missing Parameters; Recipe 5-11: Detecting Duplicate Parameter Names; Recipe 5-12: Detecting Parameter Payload Size Anomalies; Recipe 5-13: Detecting Parameter Character Class Anomalies; Chapter 6: Response Data Analysis; Recipe 6-1: Detecting Response Header Anomalies; Recipe 6-2: Detecting Response Header Information Leakages; Recipe 6-3: Response Body Access; Recipe 6-7: Detecting Source Code Leakages; Recipe 6-8: Detecting Technical Data Leakages; Recipe 6-9: Detecting Abnormal Response Time Intervals.

Ejemplares similares