Client-Side Attacks and Defense

By

  • Sean-Philip Oriyano, CISSP, CNDA, CEH, MCSE
  • Robert Shimonski is a networking and security veteran with over 20 years' experience in military, corporate and educational environments.

Client-Side Attacks and Defense provides the background needed to understand how attackers target the client side of a network and how those targets can be defended. The book examines the forms client-side attacks take and the delivery methods behind them, including, but not limited to, browser exploitation, abuse of rich internet applications, and file format vulnerabilities. It also covers defenses such as antivirus and anti-spyware software, intrusion detection systems, and end-user education. The book explains how to secure the major Web browsers, including Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Apple Safari, and Opera, and discusses advanced Web attacks together with the advanced defenses against them. It further explores attacks on messaging, Web applications, and mobile devices. The book concludes with a discussion of security measures against client-side attacks, beginning with security planning. It will be of great value to penetration testers, security consultants, system and network administrators, and IT auditors.

Audience

Penetration Testers; Security Consultants; System and Network Administrators; IT Auditors
Book information

  • Published: October 2012
  • Imprint: SYNGRESS
  • ISBN: 978-1-59749-590-5


Table of Contents


Dedication and Thanks

Biography

Chapter 1 Client-Side Attacks Defined

    Client-Side Attacks: An Overview

         Why Are Client-Side Attacks Successful?

         Motivations Behind Client-Side Attacks

         Types of Client-Side Attacks

         Confidentiality Impact

         Integrity Impact

         Availability Impact

    Summary

Chapter 2 Dissection of a Client-Side Attack

    What Constitutes a Client-Side Attack?

         Initiating an Attack: A Look at Cross-Site Scripting (XSS)

         The Threats of Cross-Site Scripting

         Anatomy of Some Potential Attacks

         Other Client-Side Attacks

         Vulnerabilities that Lead to Client-Side Attacks

         Summary

Chapter 3 Protecting Web Browsers

    Common Functions of a Web Browser

         Features of Modern Browsers

    Microsoft Internet Explorer

         Features

         Security

         Add-ons and Other Features

    Mozilla Firefox

         Features

         Security

         Add-ons and Other Features

    Google Chrome

         Features

         Security

         Add-ons and Other Features

    Apple Safari

         Features

         Security

         Add-ons and Other Features

    Opera

         Features

         Security

         Add-ons and Other Features

    Web Browsers as a Target

         Selecting a Safe Web Browser

    Summary

Chapter 4 Security Issues with Web Browsers

    What is Being Exposed?

    Many Features, Many Risks

    Tabnapping

    Is Private Really Private?

    Summary

Chapter 5 Advanced Web Attacks

    What is Active Content?

         A Mix of Active Technologies

    A Closer Look at Active Content Types

         Microsoft Silverlight

         ActiveX

         Java

         JavaScript

         VBScript

         HTML 5

    Summary

Chapter 6 Advanced Web Browser Defenses

    A Mix of Protective Measures

         A Mix of Potential Threats

         A Review of Browser Features and Security Risks

         Browser-Based Defenses

         Supporting the Browser

    Summary

Chapter 7 Messaging Attacks and Defense

    Evolution of the Email Client

         Present Day Messaging Clients

         Email Client Programs

         Sending and Receiving Mail

         Webmail

    Messaging Attacks and Defense

         Spam

         Malware

         Malicious Code

         Denial of Service (DoS) Attacks

         Hoaxes

         Phishing

    Summary

Chapter 8 Web Application Attacks

    Understanding Web Applications

         Types of Web Applications

    The Benefit of Using Web Applications

    Web Application Attacks and Defense

         Remote Code Execution

         SQL Injection

         Format String Vulnerabilities

         Cross Site Scripting

         Username Enumeration

         Misconfiguration

    What’s the Target?

         Personal Information

         Financial Data

    Summary

Chapter 9 Mobile Attacks

    Mobile Devices and Client-Side Attacks

         Communication Types

         Types of Mobile Devices

         Mobile Device Attacks

         Mobile Device Weaknesses

    Summary

Chapter 10 Securing Against Client-Side Attack

    Security Planning

         Planning for Security

    Securing Applications and Infrastructure

         Web Application Security Process

         Securing Infrastructure

         Securing Applications

         Types of Security Used in Applications

         Digital Signatures

         Digital Certificates

         Reviewing the Basics of PKI

         Testing Your Security Implementation

    Securing Clients

         Malware Protection

         How to Secure Against Malicious Software

    Summary

Index