Client-Side Attacks and Defense

Client-Side Attacks and Defense offers background networks against its attackers. The book examines the forms of client-side attacks and discusses different kinds of attacks along with delivery methods including, but not limited to, browser exploitation, use of rich internet applications, and file format vulnerabilities. It also covers defenses, such as antivirus and anti-spyware, intrusion detection systems, and end-user education. The book explains how to secure Web browsers, such as Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Apple Safari, and Opera. It discusses advanced Web attacks and advanced defenses against them. Moreover, it explores attacks on messaging, Web applications, and mobiles. The book concludes with a discussion on security measures against client-side attacks, starting from the planning of security. This book will be of great value to penetration testers, security consultants, system and network administrators, and IT auditors.

Audience

Penetration Testers; Security Consultants; System and Network Administrators; IT Auditors

Paperback, 296 Pages

Published: October 2012

Imprint: Syngress

ISBN: 978-1-59749-590-5

Contents


    Dedication and Thanks

    Biography

    Chapter 1 Client-Side Attacks Defined

        Client-Side Attacks: An Overview

             Why Are Client-Side Attacks Successful?

             Motivations Behind Client-Side Attacks

             Types of Client-Side Attacks

             Confidentiality Impact

             Integrity Impact

             Availability Impact

        Summary

    Chapter 2 Dissection of a Client-Side Attack

        What Constitutes a Client-Side Attack?

             Initiating an Attack: A Look at Cross-Site Scripting (XSS)

             The Threats of Cross-Site Scripting

             Anatomy of Some Potential Attacks

             Other Client-Side Attacks

             Vulnerabilities that Lead to Client-Side Attacks

             Summary

    Chapter 3 Protecting Web Browsers

        Common Functions of a Web Browser

             Features of Modern Browsers

        Microsoft Internet Explorer

             Features

             Security

             Add-ons and Other Features

        Mozilla Firefox

             Features

             Security

             Add-ons and Other Features

        Google Chrome

             Features

             Security

             Add-ons and Other Features

        Apple Safari

             Features

             Security

             Add-ons and Other Features

        Opera

             Features

             Security

             Add-ons and Other Features

        Web Browsers as a Target

             Selecting a Safe Web Browser

        Summary

    Chapter 4 Security Issues with Web Browsers

        What is Being Exposed?

        Many Features, Many Risks

        Tabnapping

        Is Private Really Private?

        Summary

    Chapter 5 Advanced Web Attacks

        What is Active Content?

             A Mix of Active Technologies

        A Closer Look at Active Content Types

             Microsoft Silverlight

             ActiveX

             Java

             JavaScript

             VBScript

             HTML 5

        Summary

    Chapter 6 Advanced Web Browser Defenses

        A Mix of Protective Measures

             A Mix of Potential Threats

             A Review of Browser Features and Security Risks

             Browser-Based Defenses

             Supporting the Browser

        Summary

    Chapter 7 Messaging Attacks and Defense

        Evolution of the Email Client

             Present Day Messaging Clients

             Email Client Programs

             Sending and Receiving Mail

             Webmail

        Messaging Attacks and Defense

             Spam

             Malware

             Malicious Code

             Denial of Service (DoS) Attacks

             Hoaxes

             Phishing

        Summary

    Chapter 8 Web Application Attacks

        Understanding Web Applications

             Types of Web Applications

        The Benefit of using Web Applications

        Web Application Attacks and Defense

             Remote Code Execution

             SQL Injection

             Format String Vulnerabilities

             Cross Site Scripting

             Username Enumeration

             Misconfiguration

        What’s the Target?

             Personal Information

             Financial Data

        Summary

    Chapter 9 Mobile Attacks

        Mobile Devices and Client-Side Attacks

             Communication Types

             Types of Mobile Devices

             Mobile Devices Attacks

             Mobile Device Weaknesses

        Summary

    Chapter 10 Securing Against Client-Side Attack

        Security Planning

             Planning for Security

        Securing Applications and Infrastructure

             Web Application Security Process

             Securing Infrastructure

             Securing Applications

             Types of Security Used In Applications

             Digital Signatures

             Digital Certificates

             Reviewing the Basics of PKI

             Testing Your Security Implementation

        Securing Clients

             Malware Protection

             How to Secure Against Malicious Software

        Summary

    Index



