|
|
|
|
LEADER |
00000cam a2200000Ma 4500 |
001 |
OR_ocn608624120 |
003 |
OCoLC |
005 |
20231017213018.0 |
006 |
m o d |
007 |
cr cn||||||||| |
008 |
070719s2008 inua ob 001 0 eng d |
010 |
|
|
|z 2007029983
|
040 |
|
|
|a MERUC
|b eng
|e pn
|c MERUC
|d E7B
|d OCLCQ
|d COCUF
|d N$T
|d YDXCP
|d CDN
|d IDEBK
|d CNCGM
|d UMI
|d ITD
|d CEF
|d OCLCQ
|d FVL
|d B24X7
|d OCLCQ
|d DEBSZ
|d OCLCQ
|d OCLCO
|d OCLCF
|d OCLCQ
|d OCLCO
|d OCLCQ
|d OCLCO
|d COO
|d OCLCO
|d OCLCQ
|d OCLCO
|d AZK
|d OCLCO
|d MOR
|d LIV
|d OCLCQ
|d OCLCA
|d BRL
|d NRAMU
|d WYU
|d UAB
|d VT2
|d UKAHL
|d OCLCO
|d OCLCQ
|
019 |
|
|
|a 181335212
|a 213380646
|a 243693215
|a 606039544
|a 647764763
|a 656476166
|a 722717803
|a 728056807
|a 767006918
|a 883015688
|a 961556011
|a 962677560
|a 988437504
|a 1002067045
|a 1037534965
|a 1044303681
|a 1045524694
|a 1062875234
|a 1073058795
|a 1103273838
|a 1129356635
|a 1152990012
|a 1192346404
|a 1240512462
|
020 |
|
|
|a 9780470237984
|q (electronic bk.)
|
020 |
|
|
|a 0470237988
|q (electronic bk.)
|
020 |
|
|
|z 0470170778
|q (pbk.)
|
020 |
|
|
|z 9780470170779
|q (pbk.)
|
024 |
8 |
|
|a 9786611100216
|
029 |
1 |
|
|a AU@
|b 000052722118
|
029 |
1 |
|
|a AU@
|b 000053247776
|
029 |
1 |
|
|a DEBSZ
|b 355412020
|
029 |
1 |
|
|a HEBIS
|b 29148431X
|
029 |
1 |
|
|a NZ1
|b 13340356
|
035 |
|
|
|a (OCoLC)608624120
|z (OCoLC)181335212
|z (OCoLC)213380646
|z (OCoLC)243693215
|z (OCoLC)606039544
|z (OCoLC)647764763
|z (OCoLC)656476166
|z (OCoLC)722717803
|z (OCoLC)728056807
|z (OCoLC)767006918
|z (OCoLC)883015688
|z (OCoLC)961556011
|z (OCoLC)962677560
|z (OCoLC)988437504
|z (OCoLC)1002067045
|z (OCoLC)1037534965
|z (OCoLC)1044303681
|z (OCoLC)1045524694
|z (OCoLC)1062875234
|z (OCoLC)1073058795
|z (OCoLC)1103273838
|z (OCoLC)1129356635
|z (OCoLC)1152990012
|z (OCoLC)1192346404
|z (OCoLC)1240512462
|
037 |
|
|
|a 110021
|b MIL
|
050 |
|
4 |
|a TK5105.875.I57
|b S85 2008eb
|
072 |
|
7 |
|a COM
|x 060040
|2 bisacsh
|
072 |
|
7 |
|a COM
|x 043050
|2 bisacsh
|
072 |
|
7 |
|a COM
|x 053000
|2 bisacsh
|
082 |
0 |
4 |
|a 005.8
|2 22
|
049 |
|
|
|a UAMI
|
100 |
1 |
|
|a Stuttard, Dafydd,
|d 1972-
|
245 |
1 |
4 |
|a The web application hacker's handbook :
|b discovering and exploiting security flaws /
|c Dafydd Stuttard, Marcus Pinto.
|
260 |
|
|
|a Indianapolis, IN :
|b Wiley Pub.,
|c ©2008.
|
300 |
|
|
|a 1 online resource (xxxii, 736 pages) :
|b illustrations
|
336 |
|
|
|a text
|b txt
|2 rdacontent
|
337 |
|
|
|a computer
|b c
|2 rdamedia
|
338 |
|
|
|a online resource
|b cr
|2 rdacarrier
|
504 |
|
|
|a Includes bibliographical references and index.
|
505 |
0 |
|
|a Cover -- About the Authors -- Credits -- Contents -- Acknowledgments -- Introduction -- Overview of This Book -- Who Should Read This Book -- How This Book Is Organized -- Tools You Will Need -- What's on the Web Site -- Bring It On -- Chapter 1: Web Application (In)security -- The Evolution of Web Applications -- Web Application Security -- Chapter Summary -- Chapter 2: Core Defense Mechanisms -- Handling User Access -- Handling User Input -- Handling Attackers -- Managing the Application -- Chapter Summary -- Questions -- Chapter 3: Web Application Technologies -- The HTTP Protocol -- Web Functionality -- Encoding Schemes -- Next Steps -- Questions -- Chapter 4: Mapping the Application -- Enumerating Content and Functionality -- Analyzing the Application -- Chapter Summary -- Questions -- Chapter 5: Bypassing Client-Side Controls -- Transmitting Data via the Client -- Capturing User Data: HTML Forms -- Capturing User Data: Thick-Client Components -- Handling Client-Side Data Securely -- Chapter Summary -- Questions -- Chapter 6: Attacking Authentication -- Authentication Technologies -- Design Flaws in Authentication Mechanisms -- Implementation Flaws in Authentication -- Securing Authentication -- Chapter Summary -- Questions -- Chapter 7: Attacking Session Management -- The Need for State -- Weaknesses in Session Token Generation -- Weaknesses in Session Token Handling -- Securing Session Management -- Chapter Summary -- Questions -- Chapter 8: Attacking Access Controls -- Common Vulnerabilities -- Attacking Access Controls -- Securing Access Controls -- Chapter Summary -- Questions -- Chapter 9: Injecting Code -- Injecting into Interpreted Languages -- Injecting into SQL -- Injecting OS Commands -- Injecting into Web Scripting Languages -- Injecting into SOAP -- Injecting into XPath -- Injecting into SMTP -- Injecting into LDAP -- Chapter Summary -- Questions -- Chapter 10: Exploiting Path Traversal -- Common Vulnerabilities -- Finding and Exploiting Path 
Traversal Vulnerabilities -- Preventing Path Traversal Vulnerabilities -- Chapter Summary -- Questions -- Chapter 11: Attacking Application Logic -- The Nature of Logic Flaws -- Real-World Logic Flaws -- Avoiding Logic Flaws -- Chapter Summary -- Questions -- Chapter 12: Attacking Other Users -- Cross-Site Scripting -- Redirection Attacks -- HTTP Header Injection -- Frame Injection -- Request Forgery -- JSON Hijacking -- Session Fixation -- Attacking ActiveX Controls -- Local Privacy Attacks -- Advanced Exploitation Techniques -- Chapter Summary -- Questions -- Chapter 13: Automating Bespoke Attacks -- Uses for Bespoke Automation -- Enumerating Valid Identifiers -- Harvesting Useful Data -- Fuzzing for Common Vulnerabilities -- Putting It All Together: Burp Intruder -- Chapter Summary -- Questions -- Chapter 14: Exploiting Information Disclosure -- Exploiting Error Messages -- Gathering Published Information.
|
520 |
|
|
|a This handbook offers a practical guide to discovering and exploiting security flaws in web applications. The authors explain each category of vulnerability using real-world examples, screen shots and code extracts.
|
588 |
0 |
|
|a Print version record.
|
590 |
|
|
|a O'Reilly
|b O'Reilly Online Learning: Academic/Public Library Edition
|
650 |
|
0 |
|a Computer security.
|
650 |
|
0 |
|a Internet
|x Security measures.
|
650 |
|
6 |
|a Sécurité informatique.
|
650 |
|
6 |
|a Internet
|x Sécurité
|x Mesures.
|
650 |
|
7 |
|a COMPUTERS
|x Internet
|x Security.
|2 bisacsh
|
650 |
|
7 |
|a COMPUTERS
|x Networking
|x Security.
|2 bisacsh
|
650 |
|
7 |
|a COMPUTERS
|x Security
|x General.
|2 bisacsh
|
650 |
|
7 |
|a Computer security.
|2 fast
|0 (OCoLC)fst00872484
|
650 |
|
7 |
|a Internet
|x Security measures.
|2 fast
|0 (OCoLC)fst01751426
|
700 |
1 |
|
|a Pinto, Marcus,
|d 1978-
|
776 |
0 |
8 |
|i Print version:
|a Stuttard, Dafydd, 1972-
|t Web application hacker's handbook.
|d Indianapolis, IN : Wiley Pub., ©2008
|w (DLC) 2007029983
|
856 |
4 |
0 |
|u https://learning.oreilly.com/library/view/~/9780470170779/?ar
|z Full text (requires prior registration with institutional email)
|
938 |
|
|
|a Askews and Holts Library Services
|b ASKH
|n AH3915089
|
938 |
|
|
|a Books 24x7
|b B247
|n bks00023460
|
938 |
|
|
|a ebrary
|b EBRY
|n ebr10296797
|
938 |
|
|
|a EBSCOhost
|b EBSC
|n 209734
|
938 |
|
|
|a YBP Library Services
|b YANK
|n 2737903
|
994 |
|
|
|a 92
|b IZTAP
|