Hack Proofing Your Web Applications - 1st Edition - ISBN: 9781928994312, 9780080478135

Hack Proofing Your Web Applications

1st Edition

The Only Way to Stop a Hacker Is to Think Like One

Authors: Syngress
eBook ISBN: 9780080478135
Imprint: Syngress
Published Date: 18th June 2001
Page Count: 512

Description

From the authors of the bestselling Hack Proofing Your Network!

OPEC, Amazon, Yahoo! and eBay: If these large, well-established and security-conscious web sites have problems, how can anyone be safe? How can any programmer expect to develop web applications that are secure?

Hack Proofing Your Web Applications is the only book specifically written for application developers and webmasters who write programs that are used on web sites. It covers Java applications, XML, ColdFusion, and other database applications. Most hacking books focus on catching the hackers once they've entered the site; this one shows programmers how to design tight code that will deter hackers from the word go.

Comes with up-to-the-minute web-based support and a CD-ROM containing source code and sample testing programs.

Unique approach: Unlike most hacking books, this one is written for the application developer, to help them build less vulnerable programs.

Table of Contents


Foreword

Chapter 1 Hacking Methodology

Introduction

Understanding the Terms

A Brief History of Hacking

Phone System Hacking

Computer Hacking

What Motivates a Hacker

Ethical Hacking versus Malicious Hacking

Working with Security Professionals

Understanding Current Attack Types

DoS/DDoS

Virus Hacking

Stealing

Recognizing Web Application Security Threats

Hidden Manipulation

Parameter Tampering

Cross-Site Scripting

Buffer Overflow

Cookie Poisoning

Preventing Break-Ins by Thinking Like a Hacker

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 2 How to Avoid Becoming a “Code Grinder”

Introduction

What Is a Code Grinder

Following the Rules

Thinking Creatively When Coding

Allowing for Thought

Security from the Perspective of a Code Grinder

Coding in a Vacuum

Building Functional and Secure Web Applications

But My Code Is Functional

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 3 Understanding the Risks Associated with Mobile Code

Introduction

Recognizing the Impact of Mobile Code Attacks

Browser Attacks

Mail Client Attacks

Malicious Scripts or Macros

Identifying Common Forms of Mobile Code

Macro Languages: Visual Basic for Applications (VBA)

JavaScript

VBScript

Java Applets

ActiveX Controls

E-Mail Attachments and Downloaded Executables

Protecting Your System from Mobile Code Attacks

Security Applications

Web-Based Tools

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 4 Vulnerable CGI Scripts

Introduction

What Is a CGI Script, and What Does It Do

Typical Uses of CGI Scripts

When Should You Use CGI

Break-Ins Resulting from Weak CGI Scripts

How to Write “Tighter” CGI Scripts

Searchable Index Commands

CGI Wrappers

Languages for Writing CGI Scripts

Unix Shell

Perl

C/C++

Visual Basic

Advantages of Using CGI Scripts

Rules for Writing Secure CGI Scripts

Storing CGI Scripts

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 5 Hacking Techniques and Tools

Introduction

A Hacker’s Goals

Minimize the Warning Signs

Maximize the Access

Damage, Damage, Damage

Turning the Tables

The Five Phases of Hacking

Creating an Attack Map

Building an Execution Plan

Establishing a Point of Entry

Continued and Further Access

The Attack

Social Engineering

Sensitive Information

The Intentional “Back Door” Attack

Hard-Coding a Back Door Password

Exploiting Inherent Weaknesses in Code or Programming Environments

The Tools of the Trade

Hex Editors

Debuggers

Disassemblers

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 6 Code Auditing and Reverse Engineering

Introduction

How to Efficiently Trace through a Program

Auditing and Reviewing Selected Programming Languages

Reviewing Java

Reviewing Java Server Pages

Reviewing Active Server Pages

Reviewing Server Side Includes

Reviewing Python

Reviewing Tool Command Language

Reviewing Practical Extraction and Reporting Language

Reviewing PHP: Hypertext Preprocessor

Reviewing C/C++

Reviewing ColdFusion

Looking for Vulnerabilities

Getting the Data from the User

Looking for Buffer Overflows

Checking the Output Given to the User

Checking for File System Access/Interaction

Checking External Program and Code Execution

Checking Structured Query Language (SQL)/Database Queries

Checking Networking and Communication Streams

Pulling It All Together

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 7 Securing Your Java Code

Introduction

Overview of the Java Security Architecture

The Java Security Model

The Sandbox

How Java Handles Security

Class Loaders

Byte-Code Verifier

Java Protected Domains

Potential Weaknesses in Java

DoS Attack/Degradation of Service Attacks

Third-Party Trojan Horse Attacks

Coding Functional but Secure Java Applets

Message Digests

Digital Signatures

Authentication

Protecting Security with JAR Signing

Encryption

Sun Microsystems Recommendations for Java Security

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 8 Securing XML

Introduction

Defining XML

Logical Structure

Elements

XML and XSL/DTD Documents

XSL Use of Templates

XSL Use of Patterns

DTD

Creating Web Applications Using XML

The Risks Associated with Using XML

Confidentiality Concerns

Securing XML

XML Encryption

XML Digital Signatures

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 9 Building Safe ActiveX Internet Controls

Introduction

Dangers Associated with Using ActiveX

Avoiding Common ActiveX Vulnerabilities

Lessening the Impact of ActiveX Vulnerabilities

Methodology for Writing Safe ActiveX Controls

Object Safety Settings

Securing ActiveX Controls

Control Signing

Control Marking

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 10 Securing ColdFusion

Introduction

How Does ColdFusion Work

Utilizing the Benefit of Rapid Development

Understanding ColdFusion Markup Language

Preserving ColdFusion Security

Secure Development

Secure Deployment

ColdFusion Application Processing

Checking for Existence of Data

Checking Data Types

Data Evaluation

Risks Associated with Using ColdFusion

Using Error Handling Programs

Using Per-Session Tracking

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 11 Developing Security-Enabled Applications

Introduction

The Benefits of Using Security-Enabled Applications

Types of Security Used in Applications

Digital Signatures

Pretty Good Privacy

Secure Multipurpose Internet Mail Extension

Secure Sockets Layer

Digital Certificates

Reviewing the Basics of PKI

Certificate Services

Using PKI to Secure Web Applications

Implementing PKI in Your Web Infrastructure

Microsoft Certificate Services

Netscape Certificate Server

PKI for Apache Server

PKI and Secure Software Toolkits

Testing Your Security Implementation

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 12 Cradle to Grave: Working with a Security Plan

Introduction

Examining Your Code

Code Reviews

Peer-to-Peer Code Reviews

Being Aware of Code Vulnerabilities

Testing, Testing, Testing

Using Common Sense When Coding

Planning

Coding Standards

The Tools

Creating a Security Plan

Security Planning at the Network Level

Security Planning at the Application Level

Security Planning at the Desktop Level

Web Application Security Process

Summary

Solutions Fast Track

Frequently Asked Questions

Appendix Hack Proofing Your Web Applications Fast Track

Index


Details

No. of pages: 512
Language: English
Copyright: © Syngress 2001
Imprint: Syngress
eBook ISBN: 9780080478135