Hacking the Code

1st Edition

Auditor's Guide to Writing Secure Code for the Web

Author: Mark Burnett
Hardcover ISBN: 9781932266658
eBook ISBN: 9780080478173
Imprint: Syngress
Published Date: 24th April 2004
Page Count: 550

Hacker Code will have over 400 pages of dedicated exploit, vulnerability, and tool code with corresponding instruction. Unlike other security and programming books that dedicate hundreds of pages to architecture- and theory-based flaws and exploits, HC1 will dive right into deep code analysis. Previously undisclosed security research, combined with superior programming techniques from Foundstone and other respected organizations, will be included in both the Local and Remote Code sections of the book.

The book will be accompanied with a FREE COMPANION CD containing both commented and uncommented versions of the source code examples presented throughout the book. In addition to the book source code, the CD will also contain a copy of the author-developed Hacker Code Library v1.0. The Hacker Code Library will include multiple attack classes and functions that can be utilized to quickly create security programs and scripts. These classes and functions will simplify exploit and vulnerability tool development to an extent never before possible with publicly available software.

Key Features

  • Learn to quickly create security tools that ease the burden of software testing and network administration
  • Find out about key security issues regarding vulnerabilities, exploits, programming flaws, and secure code development
  • Discover the differences in numerous types of web-based attacks so that developers can create proper quality assurance testing procedures and tools
  • Learn to automate quality assurance, management, and development tasks and procedures for testing systems and applications
  • Learn to write complex Snort rules based solely upon traffic generated by network tools and exploits


Security professionals in the technical programming and scripting market; educational institutions teaching security.

Table of Contents

Chapter 1 Managing Users
Introduction Understanding the Threats Establishing User Credentials Enforcing Strong Passwords Avoiding Easily Guessed Credentials Preventing Credential Harvesting Limiting Idle Accounts Managing Passwords Storing Passwords Password Aging and Histories Changing Passwords Resetting Lost or Forgotten Passwords Resetting Passwords Sending Information Via E-Mail Assigning Temporary Passwords Using Secret Questions Empowering Users Educating Users Involving Users Coding Standards Fast Track Establishing User Credentials Managing Passwords Resetting Lost or Forgotten Passwords Empowering Users Code Audit Fast Track Establishing User Credentials Managing Passwords Resetting Lost or Forgotten Passwords Empowering Users Frequently Asked Questions

Chapter 2 Authenticating and Authorizing Users
Introduction Understanding the Threats Authenticating Users Building Login Forms Using Forms Authentication Using Windows Authentication Using Passport Authentication Blocking Brute-Force Attacks Authorizing Users Deciding How to Authorize Employing File Authorization Applying URL Authorization Authorizing Users Through Code Coding Standards Fast Track Authenticating Users Authorizing Users Code Audit Fast Track Authenticating Users Authorizing Users Frequently Asked Questions

Chapter 3 Managing Sessions
Introduction Session Tokens Authentication Tokens Understanding the Threats Maintaining State Designing a Secure Token S


© Syngress 2004

About the Author

Mark Burnett

Affiliations and Expertise

Independent researcher, consultant, and writer specializing in Windows security