Hack Proofing XML


1st Edition - August 16, 2002


  • Author: Syngress
  • eBook ISBN: 9780080478159


The only way to stop a hacker is to think like one! The World Wide Web Consortium's Extensible Markup Language (XML) is quickly becoming the new standard for data formatting and Internet development. XML is expected to be as important to the future of the Web as HTML has been to the foundation of the Web, and has proven itself to be the most common tool for all data manipulation and data transmission. Hack Proofing XML provides readers with hands-on instruction for how to secure the Web transmission and access of their XML data. This book will also introduce database administrators, web developers and web masters to ways they can use XML to secure other applications and processes.

Key Features

  • The first book to incorporate standards from both the Security Services Markup Language (S2ML) and the Organization for the Advancement of Structured Information Standards (OASIS) in one comprehensive book
  • Covers the four primary security objectives: Confidentiality, Integrity, Authentication and Non-repudiation
  • Not only shows readers how to secure their XML data, but describes how to provide enhanced security for a broader range of applications and processes

Table of Contents

  • Foreword

    Chapter 1 The Zen of Hack Proofing


    Learning to Appreciate the Tao of the Hack



    Script Kiddie


    Black Hat, White Hat, What’s the Difference

    Gray Hat

    The Role of the Hacker



    Security Professional

    Consumer Advocate

    Civil Rights Activist

    Cyber Warrior

    Motivations of a Hacker




    Power and Gain


    The Hacker Code


    Solutions Fast Track

    Frequently Asked Questions

    Chapter 2 Classes of Attack


    Identifying and Understanding the Classes of Attack

    Denial of Service

    Information Leakage

    Regular File Access


    Special File/Database Access

    Remote Arbitrary Code Execution

    Elevation of Privileges

    Identifying Methods of Testing for Vulnerabilities

    Proof of Concept

    Standard Research Techniques


    Solutions Fast Track

    Frequently Asked Questions

    Chapter 3 Reviewing the Fundamentals of XML


    An Overview of XML

    The Goals of XML

    What Does an XML Document Look Like

    Creating an XML Document

    Well-Formed XML Documents

    Transforming XML through XSLT

    XSL Use of Patterns



    Solutions Fast Track

    Frequently Asked Questions

    Chapter 4 Document Type: The Validation Gateway


    Document Type Definitions and Well-Formed XML Documents

    Schema and Valid XML Documents

    XML Schema Data Types

    Learning About Plain-Text Attacks

    Plain-Text Attacks

    Understanding How Validation Is Processed in XML

    Validate the Input Text


    Validating Unicode

    Validate the Document or Message

    Is the XML Well Formed

    Using DTDs for Verifying the Proper Structure

    Using Schema for Data Consistency

    Online Validation Methods and Mechanisms


    Solutions Fast Track

    Frequently Asked Questions

    Chapter 5 XML Digital Signatures


    Understanding How a Digital Signature Works

    Basic Digital Signature and Authentication Concepts

    Applying XML Digital Signatures to Security

    Examples of XML Signatures

    Signing Parts of Documents

    Using XPath to Transform a Document

    Using XSLT to Transform a Document

    Using Manifests to Manage Lists of Signed Elements

    Establishing Identity By Using X509

    Required and Recommended Algorithms

    Cautions and Pitfalls

    Vendor Toolkits


    Solutions Fast Track

    Frequently Asked Questions

    Chapter 6 Encryption in XML


    Understanding the Role of Encryption in Messaging Security

    Security Needs of Messaging

    Encryption Methods

    Learning How to Apply Encryption to XML

    XML Transforms Before Encryption

    Flowchart of Encryption Process

    Understanding Practical Usage of Encryption

    Signing in Plain Text, Not Cipher Text

    Cipher Text Cannot Validate Plain Text

    Encryption Might Not Be Collision Resistant


    Solutions Fast Track

    Frequently Asked Questions

    Chapter 7 Role-Based Access Control


    Learning About Stateful Inspection

    Packet Filtering

    Application Layer Gateway

    The FTP Process

    Firewall Technologies and XML

    First, You Inspect the State

    Evaluating State Changes

    Default Behavior Affects Security

    Learning About Role-Based Access Control and Type Enforcement Implementations

    NSA: The Flask Architecture


    Applying Role-Based Access Control Ideas in XML

    Know When to Evaluate

    Protect Data Integrity

    RBAC and Java

    Tools to Implement RBAC Efforts


    Solutions Fast Track

    Frequently Asked Questions

    Chapter 8 Understanding .NET and XML Security


    The Risks Associated with Using XML in the .NET Framework

    Confidentiality Concerns

    .NET Internal Security as a Viable Alternative





    Security Policy

    Type Safety

    Code Access Security

    .NET Code Access Security Model

    Role based Security


    Role-Based Security Checks

    Security Policies

    Creating a New Permission Set

    Modifying the Code Group Structure

    Remoting Security


    Security Tools

    Securing XML—Best Practices

    XML Encryption

    XML Digital Signatures


    Solutions Fast Track

    Frequently Asked Questions

    Chapter 9 Reporting Security Problems


    Understanding Why Security Problems Need to Be Reported

    Full Disclosure

    Determining When and to Whom to Report the Problem

    Whom to Report Security Problems to

    Deciding How Much Detail to Publish

    Publishing Exploit Code



    Solutions Fast Track

    Frequently Asked Questions

    Hack Proofing XML Fast Track


Product details

  • No. of pages: 608
  • Language: English
  • Copyright: © Syngress 2002
  • Published: August 16, 2002
  • Imprint: Syngress
  • eBook ISBN: 9780080478159
