LIMITED OFFER
Save 50% on book bundles
Immediately download your ebook while waiting for your print delivery. No promo code is needed.
Web Application Vulnerabilities
Detect, Exploit, Prevent
- 1st Edition - December 14, 2007
- Author: Steven Palmer
- Language: English
- Paperback ISBN:9 7 8 - 1 - 5 9 7 4 9 - 2 0 9 - 6
- eBook ISBN:9 7 8 - 0 - 0 8 - 0 5 5 6 6 4 - 2
In this book, we aim to describe how to make a computer bend to your will by finding and exploiting vulnerabilities specifically in Web applications. We will describe common… Read more
Purchase options
Institutional subscription on ScienceDirect
Request a sales quoteIn this book, we aim to describe how to make a computer bend to your will by finding and exploiting vulnerabilities specifically in Web applications. We will describe common security issues in Web applications, tell you how to find them, describe how to exploit them, and then tell you how to fix them. We will also cover how and why some hackers (the bad guys) will try to exploit these vulnerabilities to achieve their own end. We will also try to explain how to detect if hackers are actively trying to exploit vulnerabilities in your own Web applications.
- Learn to defend Web-based applications developed with AJAX, SOAP, XMLPRC, and more.
- See why Cross Site Scripting attacks can be so devastating.
This book is written for designers, developers, and testers of Web-based applications. These readers are intermediate to advanced and have working knowledge of all common programming languages used for developing Web-based applications including Java, JavaScript, AJAX, ColdFusion, Perl, ActiveX, and the various .net languages.
Chapter 1: Introduction
Chapter 2: Information Gathering Techniques
Chapter 3: Common Input Validation Vulnerabilities
Chapter 4: Application Logic Flaws and Common Coding Issues
Chapter 5: Common Client Trust Issues
Chapter 6: Server Side Validation Vulnerabilities in a Multi User Multi Role Environment
Chapter 7: Session Management Vulnerabilities
Chapter 8: Phishing
Chapter 9: Client Side Security
Chapter 10: Same Issues / New Technologies
Chapter 11: Other Security Considerations
Chapter 2: Information Gathering Techniques
Chapter 3: Common Input Validation Vulnerabilities
Chapter 4: Application Logic Flaws and Common Coding Issues
Chapter 5: Common Client Trust Issues
Chapter 6: Server Side Validation Vulnerabilities in a Multi User Multi Role Environment
Chapter 7: Session Management Vulnerabilities
Chapter 8: Phishing
Chapter 9: Client Side Security
Chapter 10: Same Issues / New Technologies
Chapter 11: Other Security Considerations
- No. of pages: 480
- Language: English
- Edition: 1
- Published: December 14, 2007
- Imprint: Syngress
- Paperback ISBN: 9781597492096
- eBook ISBN: 9780080556642
SP
Steven Palmer
Steve has 16 years of experience in the information technology industry. Steve has worked for several very successful security boutiques as an ethical hacker. Steve has found hundreds of previously undiscovered critical vulnerabilities in a wide variety of products and applications for a wide variety of clients. Steve has performed security assessments and penetration tests for clients in many diverse industries and government agencies. He has performed security assessments for companies in many different verticals such as the entertainment, oil, energy, pharmaceutical, engineering, automotive, aerospace, insurance, computer & network security, medical, and financial & banking industries. Steve has also performed security assessments for government agencies such as the Department of Interior, Department of Treasury, Department of Justice, Department of Interior, as well as the Intelligence Community. Steve’s findings have lead to the entire Department of Interior being disconnected from the Internet. Prior to being a security consultant Steve worked as a System Administrator, administering firewalls, UNIX systems, and databases for the Department of Defense, Department of Treasury, and the Department of Justice. Prior to that, Steve served 6 years in the United States Navy as an Electronics Technician. Steve has also written several security tools which have yet to be released publicly. Steve is also a member of the FBI’s Infragard organization.
Affiliations and expertise
Member of the FBI’s Infragard Organization and Penetration Tester of Critical Federal Network InfrastructureRead Web Application Vulnerabilities on ScienceDirect