HackNotes Web Security Portable Reference

Authors: Mike Shema

Edition: 1

Series: HackNotes

ISBN: 0072227842, 9780072227840

Size: 3 MB (3513514 bytes)

Pages: 241/241

Let consultant, trainer, and author Mike Shema show you how to guard against standard and uncommon network penetration methodologies and eliminate susceptibility to e-commerce hacking. Plus, learn to bolster Web application security and secure vulnerable hacking function areas.

Table of contents :
Contents
Acknowledgments
HackNotes: The Series
Introduction
Reference Center
Application Assessment Methodology Checklist
HTTP Protocol Notes
Input Validation Tests
Common Web-Related Ports and Applications
Quick-Reference Command Techniques
Application Default Accounts and Configuration Files
“Wargling” Search Terms
IIS Metabase Settings and Recommendations
Online References
Useful Tools
Part I Hacking Techniques & Defenses
■ 1 Web Hacking & Penetration Methodologies
Threats and Vulnerabilities
Profiling the Platform
Profiling the Application
Summary
■ 2 Critical Hacks & Defenses
Generic Input Validation
Common Vectors
Source Disclosure
URL Encoding (Escaped Characters)
Unicode
Alternate Request Methods
SQL Injection
Microsoft SQL Server
Oracle
MySQL
PostgreSQL
Putting It Together
Cross-Site Scripting
Finding Tokens
Encoded vs Encrypted
Session Attacks
Session Correlation
XML-Based Services
Attacking XML
Input Validation
Summary
Part II Host Assessment & Hardening
■ 3 Platform Assessment Methodology
Whisker and LibWhisker
Nikto
Nessus
Achilles
WebProxy 2.1
Curl
Replaying Requests
Summary
■ 4 Assessment & Hardening Checklists
An Overview of Web Servers
Compile-Time Options
Configuration File: httpd.conf
Adsutil.vbs and the Metabase
File Security
IIS Lockdown Utility (iislockd.exe)
Summary
Part III Special Topics
■ 5 Web Server Security & Analysis
Web Server Log Analysis
Proxies
Load Balancers
Arbitrary Command Execution
Summary
■ 6 Secure Coding
Secure Programming
Java
ASP
Perl
PHP
Summary
■ A 7-Bit ASCII Reference
■ B Web Application Scapegoat
Installing WebGoat
Using WebGoat
■ Index
