Hacking Web Apps
Detecting and Preventing Web Application Security Problems
- Mike Shema, Web Application Security Solutions, Qualys, Inc.
Attacks featured in this book include:
• SQL Injection
• Cross Site Scripting
• Logic Attacks
• Server Misconfigurations
• Predictable Pages
• Web of Distrust
• Breaking Authentication Schemes
• HTML5 Security Breaches
• Attacks on Mobile Apps
Even if you don’t develop web sites or write HTML, Hacking Web Apps can still help you learn how sites are attacked-as well as the best way to defend against these attacks. Plus, Hacking Web Apps gives you detailed steps to make the web browser - sometimes your last line of defense - more secure.
AudienceInformation Security professionals of all levels, web application developers, recreational hackers.
- Published: August 2012
- Imprint: SYNGRESS
- ISBN: 978-1-59749-951-4
"Preventing and fixing vulnerabilities is what this book is really about…The truth is that it’s most appropriate for anyone tasked with securing an organisation’s website. However, all web developers should be made to read it, whether they consider themselves coders or designers."--Network Security Newsletter, July 2013 "This book is equally valuable to technical security practitioners and less-technical security leaders alike. I recommend anyone looking to develop their own web applications or defend against modern web application exploitation take advantage of Mike Shema’s expertise on this topic."--Doug Steelman, Chief Information Security Officer, Dell SecureWorks "Hacking Web Apps by Mike Shema introduces novice security practitioners to the most threatening exploits plaguing modern web applications. The book covers more than the raw concepts, by bringing in other vulnerabilities and showing how the various exploits relate to one another; and it does so in human readable terms."--Robert Hansen, CEO of Falling Rock Networks and SecTheory Ltd.
Table of Contents
Chapter 1 - Introduction
Chapter 2 - Cross Site Scripting (XSS)
Chapter 3 - Cross Site Request Forgery (CSRF)
Chapter 4 - SQL Injection
Chapter 5 - Server Misconfigurations and Predictable Pages
Chapter 6 - Breaking Authentication Schemes
Chapter 7 - Logic Attacks
Chapter 8 - Web of Distrust
Chapter 9 - HTML5 Security Breaches