Hack Proofing Your Web Applications
The Only Way to Stop a Hacker Is to Think Like One
1st Edition - June 18, 2001
Author: Syngress
Language: English
eBook ISBN: 9780080478135
From the authors of the bestselling Hack Proofing Your Network!
OPEC, Amazon, Yahoo! and E-bay: If these large, well-established and security-conscious web sites have problems, how can anyone be safe? How can any programmer expect to develop web applications that are secure?
Hack Proofing Your Web Applications is the only book specifically written for application developers and webmasters who write programs that are used on web sites. It covers Java applications, XML, ColdFusion, and other database applications. Most hacking books focus on catching the hackers once they've entered the site; this one shows programmers how to design tight code that will deter hackers from the word go.
Comes with up-to-the-minute web-based support and a CD-ROM containing source code and sample testing programs.
Unique approach: unlike most hacking books, this one is written for the application developer to help them build less vulnerable programs.
Foreword
Chapter 1 Hacking Methodology
Introduction
Understanding the Terms
A Brief History of Hacking
Phone System Hacking
Computer Hacking
What Motivates a Hacker
Ethical Hacking versus Malicious Hacking
Working with Security Professionals
Understanding Current Attack Types
DoS/DDoS
Virus Hacking
Stealing
Recognizing Web Application Security Threats
Hidden Manipulation
Parameter Tampering
Cross-Site Scripting
Buffer Overflow
Cookie Poisoning
Preventing Break-Ins by Thinking Like a Hacker
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 2 How to Avoid Becoming a “Code Grinder”
Introduction
What Is a Code Grinder?
Following the Rules
Thinking Creatively When Coding
Allowing for Thought
Security from the Perspective of a Code Grinder
Coding in a Vacuum
Building Functional and Secure Web Applications
But My Code Is Functional
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 3 Understanding the Risks Associated with Mobile Code
Introduction
Recognizing the Impact of Mobile Code Attacks
Browser Attacks
Mail Client Attacks
Malicious Scripts or Macros
Identifying Common Forms of Mobile Code
Macro Languages: Visual Basic for Applications (VBA)
JavaScript
VBScript
Java Applets
ActiveX Controls
E-Mail Attachments and Downloaded Executables
Protecting Your System from Mobile Code Attacks
Security Applications
Web-Based Tools
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 4 Vulnerable CGI Scripts
Introduction
What Is a CGI Script, and What Does It Do?
Typical Uses of CGI Scripts
When Should You Use CGI?
Break-Ins Resulting from Weak CGI Scripts
How to Write “Tighter” CGI Scripts
Searchable Index Commands
CGI Wrappers
Languages for Writing CGI Scripts
Unix Shell
Perl
C/C++
Visual Basic
Advantages of Using CGI Scripts
Rules for Writing Secure CGI Scripts
Storing CGI Scripts
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 5 Hacking Techniques and Tools
Introduction
A Hacker’s Goals
Minimize the Warning Signs
Maximize the Access
Damage, Damage, Damage
Turning the Tables
The Five Phases of Hacking
Creating an Attack Map
Building an Execution Plan
Establishing a Point of Entry
Continued and Further Access
The Attack
Social Engineering
Sensitive Information
The Intentional “Back Door” Attack
Hard-Coding a Back Door Password
Exploiting Inherent Weaknesses in Code or Programming Environments
The Tools of the Trade
Hex Editors
Debuggers
Disassemblers
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 6 Code Auditing and Reverse Engineering
Introduction
How to Efficiently Trace through a Program
Auditing and Reviewing Selected Programming Languages
Reviewing Java
Reviewing Java Server Pages
Reviewing Active Server Pages
Reviewing Server Side Includes
Reviewing Python
Reviewing Tool Command Language
Reviewing Practical Extraction and Reporting Language
Reviewing PHP: Hypertext Preprocessor
Reviewing C/C++
Reviewing ColdFusion
Looking for Vulnerabilities
Getting the Data from the User
Looking for Buffer Overflows
Checking the Output Given to the User
Checking for File System Access/Interaction
Checking External Program and Code Execution
Checking Structured Query Language (SQL)/Database Queries
Checking Networking and Communication Streams
Pulling It All Together
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 7 Securing Your Java Code
Introduction
Overview of the Java Security Architecture
The Java Security Model
The Sandbox
How Java Handles Security
Class Loaders
Byte-Code Verifier
Java Protected Domains
Potential Weaknesses in Java
DoS Attack/Degradation of Service Attacks
Third-Party Trojan Horse Attacks
Coding Functional but Secure Java Applets
Message Digests
Digital Signatures
Authentication
Protecting Security with JAR Signing
Encryption
Sun Microsystems Recommendations for Java Security