Seven Deadliest Web Application Attacks

1st Edition

Authors: Mike Shema
Print ISBN: 9781597495431
eBook ISBN: 9781597495448
Imprint: Syngress
Published Date: 17th March 2010
Page Count: 192
19.95 + applicable tax
15.99 + applicable tax
26.95 + applicable tax
Compatible Not compatible
VitalSource PC, Mac, iPhone & iPad Amazon Kindle eReader
ePub & PDF Apple & PC desktop. Mobile devices (Apple & Android) Amazon Kindle eReader
Mobi Amazon Kindle eReader Anything else

Institutional Access


Seven Deadliest Wireless Technologies Attacks draws attention to the vagaries of Web security by discussing the seven deadliest vulnerabilities exploited by attackers. Each chapter presents examples of different attacks conducted against Web sites. The methodology behind the attack is explored, showing its potential impact. Then, the chapter moves on to address possible countermeasures for different aspects of the attack.
The book consists of seven chapters that cover the following: the most pervasive and easily exploited vulnerabilities in Web sites and Web browsers; Structured Query Language (SQL) injection attacks; mistakes of server administrators that expose the Web site to attack; brute force attacks; and logic attacks. The ways in which malicious software malware has been growing as a threat on the Web are also discussed.
This book is intended for anyone who uses the Web to check e-mail, shop, or work. Web application developers and security professionals will benefit from the technical details and methodology behind the Web attacks covered in this book. Executive level management will benefit from understanding the threats to a Web site, and in many cases, how a simple attack requiring nothing more than a Web browser can severely impact a site.

Key Features

  • Knowledge is power, find out about the most dominant attacks currently waging war on computers and networks globally
  • Discover the best ways to defend against these vicious attacks; step-by-step instruction shows you how
  • Institute countermeasures, don’t be caught defenseless again, and learn techniques to make your computer and network impenetrable


Information security professionals of all levels; web application developers; recreational hackers

Table of Contents

About the Authors Introduction Chapter 1 Cross-Site Scripting Understanding HTML Injection Identifying Points of Injection Distinguishing Different Delivery Vectors Handling Character Sets Safely Not Failing Secure Avoiding Blacklisted Characters Altogether Dealing with Browser Quirks The Unusual Suspects Employing Countermeasures Fixing a Static Character Set Normalizing Character Sets and Encoding Encoding the Output Beware of Exclusion Lists and Regexes Reuse, Don’t Reimplement, Code JavaScript Sandboxes Summary Chapter 2 Cross-Site Request Forgery Understanding Cross-Site Request Forgery Request Forgery via Forced Browsing Attacking Authenticated Actions without Passwords Dangerous Liaison: CSRF and XSS Beyond GET Be Wary of the Tangled Web Variation on a Theme: Clickjacking Employing Countermeasures Defending the Web Application Defending the Web Browser Summary Chapter 3 Structured Query Language Injection Understanding SQL Injection Breaking the Query Vivisecting the Database Alternate Attack Vectors Employing Countermeasures Validating Input Securing the Query Protecting Information Stay Current with Database Patches Summary Chapter 4 Server Misconfiguration and Predictable Pages Understanding the Attacks Identifying Insecure Design Patterns Targeting the Operating System Attacking the Server Employing Countermeasures Restricting File Access Using Object References Blacklisting Insecure Functions Enforcing Authorization Restricting Network Connections Summary Chapter 5 Breaking Authentication Schemes Understanding Authentication Attac


No. of pages:
© Syngress 2010
eBook ISBN:
Paperback ISBN:

About the Author

Mike Shema

Mike Shema develops web application security solutions at Qualys, Inc. His current work is focused on an automated web assessment service. Mike previously worked as a security consultant and trainer for Foundstone where he conducted information security assessments across a range of industries and technologies. His security background ranges from network penetration testing, wireless security, code review, and web security. He is the co-author of Hacking Exposed: Web Applications, The Anti-Hacker Toolkit and the author of Hack Notes: Web Application Security. In addition to writing, Mike has presented at security conferences in the U.S., Europe, and Asia.

Affiliations and Expertise

Web Application Security Solutions, Qualys, Inc.


"Author Mike Shema explains potential vulnerabilities and offers case studies based on actual attacks, looking at the topic from a forensic perspective to devise proper preventive measures. This is where the series will endear itself to Web application developers and to security professionals in particular…. This set of books assumes some basic familiarity with the Web. It should, however, appeal to all security professionals, from top-level executives and IT experts to the lowest rung of managers."--Security Management

"For the reader engaged in professional testing of this type the explanation of the issues and mitigation strategies will provide an ideal starting point for educating and advising clients.… For any reader looking for a sound basic introduction to web application security testing without wanting to spend too much this book can be recommended as an ideal place to start."--BCS British Computer Society