Hacking the Code - 1st Edition - ISBN: 9781932266658, 9780080478173

Hacking the Code

1st Edition

Auditor's Guide to Writing Secure Code for the Web

Authors: Mark Burnett
eBook ISBN: 9780080478173
Hardcover ISBN: 9781932266658
Imprint: Syngress
Published Date: 24th April 2004
Page Count: 550
Tax/VAT will be calculated at check-out
30% off
30% off
30% off
30% off
30% off
20% off
20% off
30% off
30% off
30% off
30% off
30% off
20% off
20% off
30% off
30% off
30% off
30% off
30% off
20% off
20% off
30% off
30% off
30% off
30% off
30% off
20% off
20% off
53.95
37.77
37.77
37.77
37.77
37.77
43.16
43.16
32.99
23.09
23.09
23.09
23.09
23.09
26.39
26.39
40.95
28.66
28.66
28.66
28.66
28.66
32.76
32.76
53.95
37.77
37.77
37.77
37.77
37.77
43.16
43.16
Unavailable
File Compatibility per Device

PDF, EPUB, VSB (Vital Source):
PC, Apple Mac, iPhone, iPad, Android mobile devices.

Mobi:
Amazon Kindle eReader.

Institutional Access


Description

Hacking the Code has over 400 pages of dedicated exploit, vulnerability, and tool code with corresponding instruction. Unlike other security and programming books that dedicate hundreds of pages to architecture and theory based flaws and exploits, Hacking the Code dives right into deep code analysis. Previously undisclosed security research in combination with superior programming techniques from Foundstone and other respected organizations is included in both the Local and Remote Code sections of the book.

The book is accompanied with a FREE COMPANION CD containing both commented and uncommented versions of the source code examples presented throughout the book. In addition to the book source code, the CD also contains a copy of the author-developed Hacker Code Library v1.0. The Hacker Code Library includes multiple attack classes and functions that can be utilized to quickly create security programs and scripts. These classes and functions simplify exploit and vulnerability tool development to an extent never before possible with publicly available software.

Key Features

  • Learn to quickly create security tools that ease the burden of software testing and network administration
  • Find out about key security issues regarding vulnerabilities, exploits, programming flaws, and secure code development
  • Discover the differences in numerous types of web-based attacks so that developers can create proper quality assurance testing procedures and tools
  • Learn to automate quality assurance, management, and development tasks and procedures for testing systems and applications
  • Learn to write complex Snort rules based solely upon traffic generated by network tools and exploits

Readership

Security professionals in technical programming and scripting market. Educational institutions teaching security.

Table of Contents


Chapter 1 Managing Users

Introduction

Understanding the Threats

Establishing User Credentials

Enforcing Strong Passwords

Avoiding Easily Guessed Credentials

Preventing Credential Harvesting

Limiting Idle Accounts

Managing Passwords

Storing Passwords

Password Aging and Histories

Changing Passwords

Resetting Lost or Forgotten Passwords

Resetting Passwords

Sending Information Via E-Mail

Assigning Temporary Passwords

Using Secret Questions

Empowering Users

Educating Users

Involving Users

Coding Standards Fast Track

Establishing User Credentials

Managing Passwords

Resetting Lost or Forgotten Passwords

Empowering Users

Code Audit Fast Track

Establishing User Credentials

Managing Passwords

Resetting Lost or Forgotten Passwords

Empowering Users

Frequently Asked Questions

Chapter 2 Authenticating and Authorizing Users

Introduction

Understanding the Threats

Authenticating Users

Building Login Forms

Using Forms Authentication

Using Windows Authentication

Using Passport Authentication

Blocking Brute-Force Attacks

Authorizing Users

Deciding How to Authorize

Employing File Authorization

Applying URL Authorization

Authorizing Users Through Code

Coding Standards Fast Track

Authenticating Users

Authorizing Users

Code Audit Fast Track

Authenticating Users

Authorizing Users

Frequently Asked Questions

Chapter 3 Managing Sessions

Introduction

Session Tokens

Authentication Tokens

Understanding the Threats

Maintaining State

Designing a Secure Token

Selecting a Token Mechanism

Using State Providers

Using ASP.NET Tokens

Using Cookies

Working with View State

Enhancing ASP.NET State Management

Creating Tokens

Terminating Sessions

Coding Standards Fast Track

Maintaining State

Using ASP.NET Tokens

Enhancing ASP.NET State Management

Code Audit Fast Track

Maintaining State

Using ASP.NET Tokens

Enhancing ASP.NET State Management

Frequently Asked Questions

Chapter 4 Encrypting Private Data

Introduction

Using Cryptography in ASP.NET

Employing Symmetric Cryptography

Using Asymmetric Cryptography

Working with Hashing Algorithms

Working with .NET Encryption Features

Creating Random Numbers

Keeping Memory Clean

Protecting Secrets

Protecting Communications with SSL

Coding Standards Fast Track

Using Cryptography in ASP.NET

Working with .NET Encryption Features

Code Audit Fast Track

Using Cryptography in ASP.NET

Working with .NET Encryption Features

Frequently Asked Questions

Chapter 5 Filtering User Input

Introduction

Handling Malicious Input

Identifying Input Sources

Programming Defensively

Constraining Input

Bounds Checking

Pattern Matching

Data Reflecting

Encoding Data

Encapsulating

Parameterizing

Double Decoding

Syntax Checking

Exception Handling

Honey Drops

Limiting Exposure to Malicious Input

Reducing the Attack Surface

Limiting Attack Scope

Hardening Server Applications

Coding Standards Fast Track

Handling Malicious Input

Constraining Input

Limiting Exposure to Malicious Input

Code Audit Fast Track

Handling Malicious Input

Limiting Exposure to Malicious Input

Frequently Asked Questions

Chapter 6 Accessing Data

Introduction

Securing Databases

Securing the Database Location

Limiting the Attack Surface

Ensuring Least Privilege

Securing the Database

Writing Secure Data Access Code

Connecting to the Data Source

Preventing SQL Injection

Writing Secure SQL Code

Reading and Writing to Data Files

Coding Standards Fast Track

Securing Database Drivers

Securing Databases

Writing Secure Data Access Code

Code Audit Fast Track

Securing Database Drivers

Securing the Database

Writing Secure Data Access Code

Frequently Asked Questions

Chapter 7 Developing Secure ASP.NET Applications

Introduction

Understanding the Threats

Writing Secure HTML

Constructing Safe HTML

Preventing Information Leaks

Handling Exceptions

Using Structured Error Handling

Reporting and Logging Errors

Coding Standards Fast Track

Writing Secure HTML

Handling Exceptions

Code Audit Fast Track

Writing Secure HTML

Handling Exceptions

Frequently Asked Questions

Chapter 8 Securing XML

Introduction

Applying XML Encryption

Encrypting XML Data

Applying XML Digital Signatures

Signing XML Data

Coding Standards Fast Track

Applying XML Encryption

Applying XML Digital Signatures

Coding Audit Fast Track

Applying XML Encryption

Applying XML Digital Signatures

Frequently Asked Questions

Appendix A Understanding .NET Security

Introduction

Permissions

Principal

Authentication

Authorization

Security Policy

Type Safety

Code Access Security

.NET Code Access Security Model

Role-Based Security

Principals

Role-Based Security Checks

Security Policies

Creating a New Permission Set

Modifying the Code Group Structure

Remoting Security

Cryptography

Security Tools

Summary

Security Fast Track

Frequently Asked Questions

Appendix B Glossary of Web Application Security Threats

Index




Details

No. of pages:
550
Language:
English
Copyright:
© Syngress 2004
Published:
Imprint:
Syngress
eBook ISBN:
9780080478173
Hardcover ISBN:
9781932266658

About the Author

Mark Burnett

Affiliations and Expertise

Independent researcher, consultant, and writer specializing in Windows security