How to Attack and Defend Your Website - 1st Edition - ISBN: 9780128027325, 9780128027547

How to Attack and Defend Your Website

1st Edition

Editors: Alejandro Caceres
Authors: Henry Dalziel
eBook ISBN: 9780128027547
Paperback ISBN: 9780128027325
Imprint: Syngress
Published Date: 18th December 2014
Page Count: 76

Description

How to Attack and Defend Your Website is a concise introduction to web security that includes hands-on web hacking tutorials. The book has three primary objectives: to help readers develop a deep understanding of what is happening behind the scenes in a web application, with a focus on the HTTP protocol and other underlying web technologies; to teach readers how to use the industry standard in free web application vulnerability discovery and exploitation tools – most notably Burp Suite, a fully featured web application testing tool; and finally, to help readers gain knowledge of finding and exploiting the most common web security vulnerabilities.

This book is for information security professionals and those looking to learn general penetration testing methodology and how to use the various phases of penetration testing to identify and exploit common web protocols.

How to Attack and Defend Your Website is the first book to combine the methodology behind using penetration testing tools such as Burp Suite and Damn Vulnerable Web Application (DVWA) with practical exercises that show readers how to carry out (and therefore how to prevent) pwning with SQLMap and using stored XSS to deface web pages.

Key Features

  • Learn the basics of penetration testing so that you can test your own website's integrity and security
  • Discover useful tools such as Burp Suite, DVWA, and SQLMap
  • Gain a deeper understanding of how your website works and how best to protect it

Readership

Web application developers, web administrators, security professionals, and website owners

Table of Contents

  • Author Biography
  • Contributing Editor Biography
  • Introduction
  • Chapter 1: Web Technologies
    • Abstract
    • 1.1. Web servers
    • 1.2. Client-side versus server-side programming languages
    • 1.3. JavaScript – what is it?
    • 1.4. What can JavaScript do?
    • 1.5. What can JavaScript not do?
    • 1.6. Databases
    • 1.7. What about HTML?
    • 1.8. Web technologies – putting it together
    • 1.9. Digging deeper
    • 1.10. Hypertext Transfer Protocol (HTTP)
    • 1.11. Verbs
    • 1.12. Special characters and encodings
    • 1.13. Cookies, sessions, and authentication
    • 1.14. Short exercise: Linux machine setup
    • 1.15. Using the Burp Suite intercepting proxy
    • 1.16. Why is the intercepting proxy important?
    • 1.17. Short exercise – using the Burp Suite decoder
    • 1.18. Short exercise – getting comfortable with HTTP and Burp Suite
    • 1.19. Understanding the application
    • 1.20. The Burp Suite site map
    • 1.21. Discovering content and structures
    • 1.22. Understanding an application
  • Chapter 2: Exploitation
    • Abstract
    • 2.1. Bypassing client side controls
    • 2.2. Bypassing client-side controls – example
    • 2.3. Bypassing client-side controls – exercise solution
    • 2.4. SQL injection
    • 2.5. SQL injection
    • 2.6. Short Exercise: Pwning with SQLMap
    • 2.7. Cross-site scripting (XSS)
    • 2.8. Stored cross-site scripting XSS
    • 2.9. Short exercise: using stored XSS to deface a website
  • Chapter 3: Finding Vulnerabilities
    • Abstract
    • 3.1. The basic process – steps
    • 3.2. Exercise – finding vulnerabilities

Details

No. of pages: 76
Language: English
Copyright: © Syngress 2015
Imprint: Syngress
eBook ISBN: 9780128027547
Paperback ISBN: 9780128027325

About the Editor

Alejandro Caceres

Alejandro Caceres is the founder of Hyperion Gray, LLC, a web security and big data R&D company. He is also the creator of the PunkSPIDER project, an open-source web app vulnerability scanner and repository of vulnerabilities found on the open web. Alejandro has spoken at several major security conferences (DEF CON, ShmooCon, AppSec) and enjoys making web app hacking principles more accessible to web developers so that they can design and build more secure applications.

Affiliations and Expertise

Founder, Hyperion Gray LLC. Virginia, United States.

About the Author

Henry Dalziel

Henry Dalziel is a serial education entrepreneur, founder of Concise Ac Ltd, online cybersecurity blogger and e-book author. He writes for the Concise-Courses.com blog and has developed numerous cybersecurity continuing education courses and books. Concise Ac Ltd develops and distributes continuing education content [books and courses] for cybersecurity professionals seeking skill enhancement and career advancement. The company was recently accepted onto the UK Trade & Investment's (UKTI) Global Entrepreneur Programme (GEP).

Affiliations and Expertise

Founder, Concise Ac Ltd, UK

Reviews

"...does a reasonable job of opening your eyes to the kinds of vulnerabilities from which your site might suffer. You can then use that understanding to fix or prevent them…if you care about your site’s security, this will get you started." --Network Security