Hack Proofing XML

1st Edition - August 16, 2002

  • Author: Syngress
  • eBook ISBN: 9780080478159


Description

The only way to stop a hacker is to think like one! The World Wide Web Consortium's Extensible Markup Language (XML) is quickly becoming the new standard for data formatting and Internet development. XML is expected to be as important to the future of the Web as HTML has been to the foundation of the Web, and has proven itself to be the most common tool for all data manipulation and data transmission. Hack Proofing XML provides readers with hands-on instruction for how to secure the Web transmission and access of their XML data. This book will also introduce database administrators, web developers and web masters to ways they can use XML to secure other applications and processes.

Key Features

  • The first book to incorporate standards from both the Security Services Markup Language (S2ML) and the Organization for the Advancement of Structured Information Standards (OASIS) in one comprehensive book
  • Covers the four primary security objectives: Confidentiality, Integrity, Authentication and Non-repudiation
  • Not only shows readers how to secure their XML data, but describes how to provide enhanced security for a broader range of applications and processes

Table of Contents


  • Foreword

    Chapter 1 The Zen of Hack Proofing

    Introduction

    Learning to Appreciate the Tao of the Hack

    Hacker

    Cracker

    Script Kiddie

    Phreaker

    Black Hat, White Hat, What’s the Difference

    Gray Hat

    The Role of the Hacker

    Criminal

    Magician

    Security Professional

    Consumer Advocate

    Civil Rights Activist

    Cyber Warrior

    Motivations of a Hacker

    Recognition

    Admiration

    Curiosity

    Power and Gain

    Revenge

    The Hacker Code

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 2 Classes of Attack

    Introduction

    Identifying and Understanding the Classes of Attack

    Denial of Service

    Information Leakage

    Regular File Access

    Misinformation

    Special File/Database Access

    Remote Arbitrary Code Execution

    Elevation of Privileges

    Identifying Methods of Testing for Vulnerabilities

    Proof of Concept

    Standard Research Techniques

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 3 Reviewing the Fundamentals of XML

    Introduction

    An Overview of XML

    The Goals of XML

    What Does an XML Document Look Like

    Creating an XML Document

    Well-Formed XML Documents

    Transforming XML through XSLT

    XSL Use of Patterns

    XPath

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 4 Document Type: The Validation Gateway

    Introduction

    Document Type Definitions and Well-Formed XML Documents

    Schema and Valid XML Documents

    XML Schema Data Types

    Learning About Plain-Text Attacks

    Plain-Text Attacks

    Understanding How Validation Is Processed in XML

    Validate the Input Text

    Canonicalization

    Validating Unicode

    Validate the Document or Message

    Is the XML Well Formed

    Using DTDs for Verifying the Proper Structure

    Using Schema for Data Consistency

    Online Validation Methods and Mechanisms

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 5 XML Digital Signatures

    Introduction

    Understanding How a Digital Signature Works

    Basic Digital Signature and Authentication Concepts

    Applying XML Digital Signatures to Security

    Examples of XML Signatures

    Signing Parts of Documents

    Using XPath to Transform a Document

    Using XSLT to Transform a Document

    Using Manifests to Manage Lists of Signed Elements

    Establishing Identity By Using X509

    Required and Recommended Algorithms

    Cautions and Pitfalls

    Vendor Toolkits

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 6 Encryption in XML

    Introduction

    Understanding the Role of Encryption in Messaging Security

    Security Needs of Messaging

    Encryption Methods

    Learning How to Apply Encryption to XML

    XML Transforms Before Encryption

    Flowchart of Encryption Process

    Understanding Practical Usage of Encryption

    Signing in Plain Text, Not Cipher Text

    Cipher Text Cannot Validate Plain Text

    Encryption Might Not Be Collision Resistant

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 7 Role-Based Access Control

    Introduction

    Learning About Stateful Inspection

    Packet Filtering

    Application Layer Gateway

    The FTP Process

    Firewall Technologies and XML

    First, You Inspect the State

    Evaluating State Changes

    Default Behavior Affects Security

    Learning About Role-Based Access Control and Type Enforcement Implementations

    NSA: The Flask Architecture

    SELinux

    Applying Role-Based Access Control Ideas in XML

    Know When to Evaluate

    Protect Data Integrity

    RBAC and Java

    Tools to Implement RBAC Efforts

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 8 Understanding .NET and XML Security

    Introduction

    The Risks Associated with Using XML in the .NET Framework

    Confidentiality Concerns

    .NET Internal Security as a Viable Alternative

    Permissions

    Principal

    Authentication

    Authorization

    Security Policy

    Type Safety

    Code Access Security

    .NET Code Access Security Model

    Role-Based Security

    Principals

    Role-Based Security Checks

    Security Policies

    Creating a New Permission Set

    Modifying the Code Group Structure

    Remoting Security

    Cryptography

    Security Tools

    Securing XML—Best Practices

    XML Encryption

    XML Digital Signatures

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 9 Reporting Security Problems

    Introduction

    Understanding Why Security Problems Need to Be Reported

    Full Disclosure

    Determining When and to Whom to Report the Problem

    Whom to Report Security Problems to

    Deciding How Much Detail to Publish

    Publishing Exploit Code

    Problems

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Hack Proofing XML Fast Track

    Index


Product details

  • No. of pages: 608
  • Language: English
  • Copyright: © Syngress 2002
  • Published: August 16, 2002
  • Imprint: Syngress
  • eBook ISBN: 9780080478159

About the Author

Syngress
