Hack Proofing Your Web Applications - 1st Edition - ISBN: 9781928994312, 9780080478135

Hack Proofing Your Web Applications

1st Edition

The Only Way to Stop a Hacker Is to Think Like One

Author: Syngress
eBook ISBN: 9780080478135
Imprint: Syngress
Published Date: 18th June 2001
Page Count: 512


From the authors of the bestselling Hack Proofing Your Network!

OPEC, Amazon, Yahoo! and eBay: if these large, well-established and security-conscious web sites have problems, how can anyone be safe? How can any programmer expect to develop web applications that are secure?

Hack Proofing Your Web Applications is the only book specifically written for application developers and webmasters who write programs that are used on web sites. It covers Java applications, XML, ColdFusion, and other database applications. Most hacking books focus on catching the hackers once they've entered the site; this one shows programmers how to design tight code that will deter hackers from the word go.

Comes with up-to-the-minute web-based support and a CD-ROM containing source code and sample testing programs. Unique approach: unlike most hacking books, this one is written for the application developer, to help them build less vulnerable programs.

Table of Contents


Chapter 1 Hacking Methodology


Understanding the Terms

A Brief History of Hacking

Phone System Hacking

Computer Hacking

What Motivates a Hacker

Ethical Hacking versus Malicious Hacking

Working with Security Professionals

Understanding Current Attack Types


Virus Hacking


Recognizing Web Application Security Threats

Hidden Manipulation

Parameter Tampering

Cross-Site Scripting

Buffer Overflow

Cookie Poisoning

Preventing Break-Ins by Thinking Like a Hacker


Solutions Fast Track

Frequently Asked Questions

Chapter 2 How to Avoid Becoming a “Code Grinder”


What Is a Code Grinder

Following the Rules

Thinking Creatively When Coding

Allowing for Thought

Security from the Perspective of a Code Grinder

Coding in a Vacuum

Building Functional and Secure Web Applications

But My Code Is Functional


Solutions Fast Track

Frequently Asked Questions

Chapter 3 Understanding the Risks Associated with Mobile Code


Recognizing the Impact of Mobile Code Attacks

Browser Attacks

Mail Client Attacks

Malicious Scripts or Macros

Identifying Common Forms of Mobile Code

Macro Languages: Visual Basic for Applications (VBA)

Java Applets

ActiveX Controls

E-Mail Attachments and Downloaded Executables

Protecting Your System from Mobile Code Attacks

Security Applications

Web-Based Tools


Solutions Fast Track

Frequently Asked Questions

Chapter 4 Vulnerable CGI Scripts


What Is a CGI Script, and What Does It Do

Typical Uses of CGI Scripts

When Should You Use CGI

Break-Ins Resulting from Weak CGI Scripts

How to Write “Tighter” CGI Scripts

Searchable Index Commands

CGI Wrappers

Languages for Writing CGI Scripts

Unix Shell

Visual Basic

Advantages of Using CGI Scripts

Rules for Writing Secure CGI Scripts

Storing CGI Scripts


Solutions Fast Track

Frequently Asked Questions

Chapter 5 Hacking Techniques and Tools


A Hacker’s Goals

Minimize the Warning Signs

Maximize the Access

Damage, Damage, Damage

Turning the Tables

The Five Phases of Hacking

Creating an Attack Map

Building an Execution Plan

Establishing a Point of Entry

Continued and Further Access

The Attack

Social Engineering

Sensitive Information

The Intentional “Back Door” Attack

Hard-Coding a Back Door Password

Exploiting Inherent Weaknesses in Code or Programming Environments

The Tools of the Trade

Hex Editors

Solutions Fast Track

Frequently Asked Questions

Chapter 6 Code Auditing and Reverse Engineering


How to Efficiently Trace through a Program

Auditing and Reviewing Selected Programming Languages

Reviewing Java

Reviewing Java Server Pages

Reviewing Active Server Pages

Reviewing Server Side Includes

Reviewing Python

Reviewing Tool Command Language

Reviewing Practical Extraction and Reporting Language

Reviewing PHP: Hypertext Preprocessor

Reviewing C/C++

Reviewing ColdFusion

Looking for Vulnerabilities

Getting the Data from the User

Looking for Buffer Overflows

Checking the Output Given to the User

Checking for File System Access/Interaction

Checking External Program and Code Execution

Checking Structured Query Language (SQL)/Database Queries

Checking Networking and Communication Streams

Pulling It All Together


Solutions Fast Track

Frequently Asked Questions

Chapter 7 Securing Your Java Code


Overview of the Java Security Architecture

The Java Security Model

The Sandbox

How Java Handles Security

Class Loaders

Byte-Code Verifier

Java Protected Domains

Potential Weaknesses in Java

DoS Attack/Degradation of Service Attacks

Third-Party Trojan Horse Attacks

Coding Functional but Secure Java Applets

Message Digests

Digital Signatures


Protecting Security with JAR Signing


Sun Microsystems Recommendations for Java Security


Solutions Fast Track

Frequently Asked Questions

Chapter 8 Securing XML


Defining XML

Logical Structure


XML and XSL/DTD Documents

XSL Use of Templates

XSL Use of Patterns


Creating Web Applications Using XML

The Risks Associated with Using XML

Confidentiality Concerns

Securing XML

XML Encryption

XML Digital Signatures


Solutions Fast Track

Frequently Asked Questions

Chapter 9 Building Safe ActiveX Internet Controls


Dangers Associated with Using ActiveX

Avoiding Common ActiveX Vulnerabilities

Lessening the Impact of ActiveX Vulnerabilities

Methodology for Writing Safe ActiveX Controls

Object Safety Settings

Securing ActiveX Controls

Control Signing

Control Marking


Solutions Fast Track

Frequently Asked Questions

Chapter 10 Securing ColdFusion


How Does ColdFusion Work

Utilizing the Benefit of Rapid Development

Understanding ColdFusion Markup Language

Preserving ColdFusion Security

Secure Development

Secure Deployment

ColdFusion Application Processing

Checking for Existence of Data

Checking Data Types

Data Evaluation

Risks Associated with Using ColdFusion

Using Error Handling Programs

Using Per-Session Tracking


Solutions Fast Track

Frequently Asked Questions

Chapter 11 Developing Security-Enabled Applications


The Benefits of Using Security-Enabled Applications

Types of Security Used in Applications

Digital Signatures

Pretty Good Privacy

Secure Multipurpose Internet Mail Extension

Secure Sockets Layer

Digital Certificates

Reviewing the Basics of PKI

Certificate Services

Using PKI to Secure Web Applications

Implementing PKI in Your Web Infrastructure

Microsoft Certificate Services

Netscape Certificate Server

PKI for Apache Server

PKI and Secure Software Toolkits

Testing Your Security Implementation


Solutions Fast Track

Frequently Asked Questions

Chapter 12 Cradle to Grave: Working with a Security Plan


Examining Your Code

Code Reviews

Peer-to-Peer Code Reviews

Being Aware of Code Vulnerabilities


Using Common Sense When Coding


Coding Standards

The Tools

Creating a Security Plan

Security Planning at the Network Level

Security Planning at the Application Level

Security Planning at the Desktop Level

Web Application Security Process


Solutions Fast Track

Frequently Asked Questions

Appendix Hack Proofing Your Web Applications Fast Track

© Syngress 2001