
Client-Side Attacks and Defense

Client-Side Attacks and Defense offers background networks against its attackers. The book examines the forms of client-side attacks and discusses different kinds of attacks along with delivery methods including, but not limited to, browser exploitation, use of rich internet applications, and file format vulnerabilities. It also covers defenses, such as antivirus and anti-spyware, intrusion detection systems, and end-user education. The book explains how to secure Web browsers, such as Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Apple Safari, and Opera. It discusses advanced Web attacks and advanced defenses against them. Moreover, it explores attacks on messaging, Web applications, and mobiles. The book concludes with a discussion on security measures against client-side attacks, starting from the planning of security. This book will be of great value to penetration testers, security consultants, system and network administrators, and IT auditors.


Penetration Testers; Security Consultants; System and Network Administrators; IT Auditors

Paperback, 296 Pages

Published: October 2012

Imprint: Syngress

ISBN: 978-1-59749-590-5


  • Dedication and Thanks


    Chapter 1 Client-Side Attacks Defined

        Client-Side Attacks: An Overview

             Why Are Client-Side Attacks Successful?

             Motivations Behind Client-Side Attacks

             Types of Client-Side Attacks

             Confidentiality Impact

             Integrity Impact

             Availability Impact


    Chapter 2 Dissection of a Client-Side Attack

        What Constitutes a Client-Side Attack?

             Initiating an Attack: A Look at Cross-Site Scripting (XSS)

             The Threats of Cross-Site Scripting

             Anatomy of Some Potential Attacks

             Other Client-Side Attacks

             Vulnerabilities that Lead to Client-Side Attacks


    Chapter 3 Protecting Web Browsers

        Common Functions of a Web Browser

             Features of Modern Browsers

        Microsoft Internet Explorer



             Add-ons and Other Features

        Mozilla Firefox



             Add-ons and Other Features

        Google Chrome



             Add-ons and Other Features

        Apple Safari



             Add-ons and Other Features




             Add-ons and Other Features

        Web Browsers as a Target

             Selecting a Safe Web Browser


    Chapter 4 Security Issues with Web Browsers

        What is Being Exposed?

        Many Features, Many Risks


        Is Private Really Private?


    Chapter 5 Advanced Web Attacks

        What is Active Content?

             A Mix of Active Technologies

        A Closer Look at Active Content Types

             Microsoft Silverlight





             HTML 5


    Chapter 6 Advanced Web Browser Defenses

        A Mix of Protective Measures

             A Mix of Potential Threats

             A Review of Browser Features and Security Risks

             Browser-Based Defenses

             Supporting the Browser


    Chapter 7 Messaging Attacks and Defense

        Evolution of the Email Client

             Present Day Messaging Clients

             Email Client Programs

             Sending and Receiving Mail


        Messaging Attacks and Defense



             Malicious Code

             Denial of Service (DoS) Attacks




    Chapter 8 Web Application Attacks

        Understanding Web Applications

             Types of Web Applications

        The Benefit of using Web Applications

        Web Application Attacks and Defense

             Remote Code Execution

             SQL Injection

             Format String Vulnerabilities

             Cross Site Scripting

             Username Enumeration


        What’s the Target?

             Personal Information

             Financial Data


    Chapter 9 Mobile Attacks

        Mobile Devices and Client-Side Attacks

             Communication Types

             Types of Mobile Devices

             Mobile Devices Attacks

             Mobile Device Weaknesses


    Chapter 10 Securing Against Client-Side Attack

        Security Planning

             Planning for Security

        Securing Applications and Infrastructure

             Web Application Security Process

             Securing Infrastructure

             Securing Applications

             Types of Security Used In Applications

             Digital Signatures

             Digital Certificates

             Reviewing the Basics of PKI

             Testing Your Security Implementation

        Securing Clients

             Malware Protection

             How to Secure Against Malicious Software



