Hack Proofing Your Web Applications

Hack Proofing Your Web Applications

The Only Way to Stop a Hacker Is to Think Like One

1st Edition - June 18, 2001

Write a review

  • Author: Syngress
  • eBook ISBN: 9780080478135

Purchase options

Purchase options
DRM-free (PDF)
Sales tax will be calculated at check-out

Institutional Subscription

Free Global Shipping
No minimum order

Description

From the authors of the bestselling Hack Proofing Your Network!OPEC, Amazon, Yahoo! and E-bay: If these large, well-established and security-conscious web sites have problems, how can anyone be safe? How can any programmer expect to develop web applications that are secure? Hack Proofing Your Web Applications is the only book specifically written for application developers and webmasters who write programs that are used on web sites. It covers Java applications, XML, ColdFusion, and other database applications. Most hacking books focus on catching the hackers once they've entered the site; this one shows programmers how to design tight code that will deter hackers from the word go.Comes with up-to-the-minute web based support and a CD-ROM containing source codes and sample testing programsUnique approach: Unlike most hacking books this one is written for the application developer to help them build less vulnerable programs

Table of Contents


  • Foreword

    Chapter 1 Hacking Methodology

    Introduction

    Understanding the Terms

    A Brief History of Hacking

    Phone System Hacking

    Computer Hacking

    What Motivates a Hacker

    Ethical Hacking versus Malicious Hacking

    Working with Security Professionals

    Understanding Current Attack Types

    DoS/DDoS

    Virus Hacking

    Stealing

    Recognizing Web Application Security Threats

    Hidden Manipulation

    Parameter Tampering

    Cross-Site Scripting

    Buffer Overflow

    Cookie Poisoning

    Preventing Break-Ins by Thinking Like a Hacker

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 2 How to Avoid Becoming a “Code Grinder”

    Introduction

    What Is a Code Grinder

    Following the Rules

    Thinking Creatively When Coding

    Allowing for Thought

    Security from the Perspective of a Code Grinder

    Coding in a Vacuum

    Building Functional and Secure Web Applications

    But My Code Is Functional

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 3 Understanding the Risks Associated with Mobile Code

    Introduction

    Recognizing the Impact of Mobile Code Attacks

    Browser Attacks

    Mail Client Attacks

    Malicious Scripts or Macros

    Identifying Common Forms of Mobile Code

    Macro Languages:Visual Basic for Applications (VBA)

    JavaScript

    VBScript

    Java Applets

    ActiveX Controls

    E-Mail Attachments and Downloaded Executables

    Protecting Your System from Mobile Code Attacks

    Security Applications

    Web-Based Tools

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 4 Vulnerable CGI Scripts

    Introduction

    What Is a CGI Script, and What Does It Do

    Typical Uses of CGI Scripts

    When Should You Use CGI

    Break-Ins Resulting from Weak CGI Scripts

    How to Write “Tighter” CGI Scripts

    Searchable Index Commands

    CGI Wrappers

    Languages for Writing CGI Scripts

    Unix Shell

    Perl

    C/C++

    Visual Basic

    Advantages of Using CGI Scripts

    Rules for Writing Secure CGI Scripts

    Storing CGI Scripts

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 5 Hacking Techniques and Tools

    Introduction

    A Hacker’s Goals

    Minimize the Warning Signs

    Maximize the Access

    Damage, Damage,Damage

    Turning the Tables

    The Five Phases of Hacking

    Creating an Attack Map

    Building an Execution Plan

    Establishing a Point of Entry

    Continued and Further Access

    The Attack

    Social Engineering

    Sensitive Information

    The Intentional “Back Door” Attack

    Hard-Coding a Back Door Password

    Exploiting Inherent Weaknesses in Code or Programming Environments

    The Tools of the Trade

    Hex Editors

    Debuggers

    Disassemblers

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 6 Code Auditing and Reverse Engineering

    Introduction

    How to Efficiently Trace through a Program

    Auditing and Reviewing Selected Programming Languages

    Reviewing Java

    Reviewing Java Server Pages

    Reviewing Active Server Pages

    Reviewing Server Side Includes

    Reviewing Python

    Reviewing Tool Command Language

    Reviewing Practical Extraction and Reporting Language

    Reviewing PHP: Hypertext Preprocessor

    Reviewing C/C++

    Reviewing ColdFusion

    Looking for Vulnerabilities

    Getting the Data from the User

    Looking for Buffer Overflows

    Checking the Output Given to the User

    Checking for File System Access/Interaction

    Checking External Program and Code Execution

    Checking Structured Query Language (SQL)/Database Queries

    Checking Networking and Communication Streams

    Pulling It All Together

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 7 Securing Your Java Code

    Introduction

    Overview of the Java Security Architecture

    The Java Security Model

    The Sandbox

    How Java Handles Security

    Class Loaders

    Byte-Code Verifier

    Java Protected Domains

    Potential Weaknesses in Java

    DoS Attack/Degradation of Service Attacks

    Third-Party Trojan Horse Attacks

    Coding Functional but Secure Java Applets

    Message Digests

    Digital Signatures

    Authentication

    Protecting Security with JAR Signing

    Encryption

    Sun Microsystems Recommendations for Java Security

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 8 Securing XML

    Introduction

    Defining XML

    Logical Structure

    Elements

    XML and XSL/DTD Documents

    XSL Use of Templates

    XSL Use of Patterns

    DTD

    Creating Web Applications Using XML

    The Risks Associated with Using XML

    Confidentiality Concerns

    Securing XML

    XML Encryption

    XML Digital Signatures

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 9 Building Safe ActiveX Internet Controls

    Introduction

    Dangers Associated with Using ActiveX

    Avoiding Common ActiveX Vulnerabilities

    Lessening the Impact of ActiveX Vulnerabilities

    Methodology for Writing Safe ActiveX Controls

    Object Safety Settings

    Securing ActiveX Controls

    Control Signing

    Control Marking

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 10 Securing ColdFusion

    Introduction

    How Does ColdFusion Work

    Utilizing the Benefit of Rapid Development

    Understanding ColdFusion Markup Language

    Preserving ColdFusion Security

    Secure Development

    Secure Deployment

    ColdFusion Application Processing

    Checking for Existence of Data

    Checking Data Types

    Data Evaluation

    Risks Associated with Using ColdFusion

    Using Error Handling Programs

    Using Per-Session Tracking

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 11 Developing Security-Enabled Applications

    Introduction

    The Benefits of Using Security-Enabled Applications

    Types of Security Used in Applications

    Digital Signatures

    Pretty Good Privacy

    Secure Multipurpose Internet Mail Extension

    Secure Sockets Layer

    Digital Certificates

    Reviewing the Basics of PKI

    Certificate Services

    Using PKI to Secure Web Applications

    Implementing PKI in Your Web Infrastructure

    Microsoft Certificate Services

    Netscape Certificate Server

    PKI for Apache Server

    PKI and Secure Software Toolkits

    Testing Your Security Implementation

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 12 Cradle to Grave: Working with a Security Plan

    Introduction

    Examining Your Code

    Code Reviews

    Peer-to-Peer Code Reviews

    Being Aware of Code Vulnerabilities

    Testing,Testing,Testing

    Using Common Sense When Coding

    Planning

    Coding Standards

    The Tools

    Creating a Security Plan

    Security Planning at the Network Level

    Security Planning at the Application Level

    Security Planning at the Desktop Level

    Web Application Security Process

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Appendix Hack Proofing Your Web Applications Fast Track

    Index


Product details

  • No. of pages: 512
  • Language: English
  • Copyright: © Syngress 2001
  • Published: June 18, 2001
  • Imprint: Syngress
  • eBook ISBN: 9780080478135

About the Author

Syngress

Ratings and Reviews

Write a review

There are currently no reviews for "Hack Proofing Your Web Applications"