Hack Proofing XML - 1st Edition - ISBN: 9781931836500, 9780080478159

Hack Proofing XML

1st Edition

Authors: Syngress
eBook ISBN: 9780080478159
Imprint: Syngress
Published Date: 16th August 2002
Page Count: 608

Description

The only way to stop a hacker is to think like one! The World Wide Web Consortium's Extensible Markup Language (XML) is quickly becoming the new standard for data formatting and Internet development. XML is expected to be as important to the future of the Web as HTML has been to the foundation of the Web, and has proven itself to be the most common tool for all data manipulation and data transmission. Hack Proofing XML provides readers with hands-on instruction for how to secure the Web transmission and access of their XML data. This book will also introduce database administrators, web developers and web masters to ways they can use XML to secure other applications and processes.

Key Features

The first book to incorporate standards from both the Security Services Markup Language (S2ML) and the Organization for the Advancement of Structured Information Standards (OASIS) in one comprehensive book

Covers the four primary security objectives: Confidentiality, Integrity, Authentication and Non-repudiation

Not only shows readers how to secure their XML data, but describes how to provide enhanced security for a broader range of applications and processes

Table of Contents


Foreword

Chapter 1 The Zen of Hack Proofing

Introduction

Learning to Appreciate the Tao of the Hack

Hacker

Cracker

Script Kiddie

Phreaker

Black Hat, White Hat, What’s the Difference

Gray Hat

The Role of the Hacker

Criminal

Magician

Security Professional

Consumer Advocate

Civil Rights Activist

Cyber Warrior

Motivations of a Hacker

Recognition

Admiration

Curiosity

Power and Gain

Revenge

The Hacker Code

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 2 Classes of Attack

Introduction

Identifying and Understanding the Classes of Attack

Denial of Service

Information Leakage

Regular File Access

Misinformation

Special File/Database Access

Remote Arbitrary Code Execution

Elevation of Privileges

Identifying Methods of Testing for Vulnerabilities

Proof of Concept

Standard Research Techniques

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 3 Reviewing the Fundamentals of XML

Introduction

An Overview of XML

The Goals of XML

What Does an XML Document Look Like

Creating an XML Document

Well-Formed XML Documents

Transforming XML through XSLT

XSL Use of Patterns

XPath

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 4 Document Type: The Validation Gateway

Introduction

Document Type Definitions and Well-Formed XML Documents

Schema and Valid XML Documents

XML Schema Data Types

Learning About Plain-Text Attacks

Plain-Text Attacks

Understanding How Validation Is Processed in XML

Validate the Input Text

Canonicalization

Validating Unicode

Validate the Document or Message

Is the XML Well Formed

Using DTDs for Verifying the Proper Structure

Using Schema for Data Consistency

Online Validation Methods and Mechanisms

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 5 XML Digital Signatures

Introduction

Understanding How a Digital Signature Works

Basic Digital Signature and Authentication Concepts

Applying XML Digital Signatures to Security

Examples of XML Signatures

Signing Parts of Documents

Using XPath to Transform a Document

Using XSLT to Transform a Document

Using Manifests to Manage Lists of Signed Elements

Establishing Identity By Using X509

Required and Recommended Algorithms

Cautions and Pitfalls

Vendor Toolkits

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 6 Encryption in XML

Introduction

Understanding the Role of Encryption in Messaging Security

Security Needs of Messaging

Encryption Methods

Learning How to Apply Encryption to XML

XML Transforms Before Encryption

Flowchart of Encryption Process

Understanding Practical Usage of Encryption

Signing in Plain Text, Not Cipher Text

Cipher Text Cannot Validate Plain Text

Encryption Might Not Be Collision Resistant

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 7 Role-Based Access Control

Introduction

Learning About Stateful Inspection

Packet Filtering

Application Layer Gateway

The FTP Process

Firewall Technologies and XML

First, You Inspect the State

Evaluating State Changes

Default Behavior Affects Security

Learning About Role-Based Access Control and Type Enforcement Implementations

NSA: The Flask Architecture

SELinux

Applying Role-Based Access Control Ideas in XML

Know When to Evaluate

Protect Data Integrity

RBAC and Java

Tools to Implement RBAC Efforts

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 8 Understanding .NET and XML Security

Introduction

The Risks Associated with Using XML in the .NET Framework

Confidentiality Concerns

.NET Internal Security as a Viable Alternative

Permissions

Principal

Authentication

Authorization

Security Policy

Type Safety

Code Access Security

.NET Code Access Security Model

Role-Based Security

Principals

Role-Based Security Checks

Security Policies

Creating a New Permission Set

Modifying the Code Group Structure

Remoting Security

Cryptography

Security Tools

Securing XML—Best Practices

XML Encryption

XML Digital Signatures

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 9 Reporting Security Problems

Introduction

Understanding Why Security Problems Need to Be Reported

Full Disclosure

Determining When and to Whom to Report the Problem

Whom to Report Security Problems to

Deciding How Much Detail to Publish

Publishing Exploit Code

Problems

Summary

Solutions Fast Track

Frequently Asked Questions

Hack Proofing XML Fast Track

Index


Details

No. of pages: 608
Language: English
Copyright: © Syngress 2002
Published:
Imprint: Syngress
eBook ISBN: 9780080478159

About the Author