Implement bulletproof e-business security the proven Hacking Exposed way
Defend against the latest Web-based attacks by looking at your Web applications through the eyes of a malicious intruder. Fully revised and updated to cover the latest Web exploitation techniques, Hacking Exposed Web Applications, Second Edition shows you, step-by-step, how cyber-criminals target vulnerable sites, gain access, steal critical data, and execute devastating attacks. All of the cutting-edge threats and vulnerabilities are covered in full detail alongside real-world examples, case studies, and battle-tested countermeasures from the authors' experiences as gray hat security professionals.
Table of contents
Chapter 1: Hacking Web Apps 101
Chapter 2: Profiling
Chapter 3: Hacking Web Platforms
Chapter 4: Attacking Web Authentication
Chapter 5: Attacking Web Authorization
Chapter 6: Input Validation Attacks
Chapter 7: Attacking Web Datastores
Chapter 8: Attacking XML Web Services
Chapter 9: Attacking Web Application Management
Chapter 10: Hacking Web Clients
Chapter 11: Denial-of-Service (DoS) Attacks
Chapter 12: Full-Knowledge Analysis
Chapter 13: Web Application Security Scanners
APPENDIX A: WEB APPLICATION SECURITY CHECKLIST
APPENDIX B: WEB HACKING TOOLS AND TECHNIQUES CRIBSHEET
APPENDIX C: URLScan AND ModSecurity
APPENDIX D: ABOUT THE COMPANION WEB SITE
INDEX
Biographical note
Joel Scambray, CISSP, is a Senior Director at Microsoft Corporation, where he led Microsoft's online services security efforts for three years before joining the Windows platform group to focus on security technology development. He has more than 15 years of information security experience, including senior management roles at Ernst & Young, co-founder of Foundstone, technical consultant for Fortune 500 enterprises, and co-author of the best-selling Hacking Exposed book series.
Mike Shema, is the CSO of NT Objectives and has made web application security presentations at numerous security conferences. He has conducted security reviews for a wide variety of web technologies and developed training material for application security courses. He is also a co-author of Anti-Hacker Toolkit.
Caleb Sima, is the co-founder and CTO of SPI Dynamics, a web application security products company, and has more than 12 years of security experience. His pioneering efforts and expertise in web security have helped define the direction the web application security industry has taken. Caleb is a frequent speaker and expert resource for the press on Internet attacks and has been featured in the Associated Press. He is also a contributing author to various magazines and online columns. Caleb is a member of ISSA and is one of the founding visionaries of the Application Vulnerability Description Language (AVDL) standard within OASIS, as well as a founding member of the Web Application Security Consortium (WASC).
Back cover copy
Implement bulletproof e-business security the proven Hacking Exposed wayDefend against the latest Web-based attacks by looking at your Web applications through the eyes of a malicious intruder. Fully revised and updated to cover the latest Web exploitation techniques, Hacking Exposed Web Applications, Second Edition shows you, step-by-step, how cyber-criminals target vulnerable sites, gain access, steal critical data, and execute devastating attacks. All of the cutting-edge threats and vulnerabilities are covered in full detail alongside real-world examples, case studies, and battle-tested countermeasures from the authors' experiences as gray hat security professionals. Find out how hackers use infrastructure and application profiling to perform reconnaissance and enter vulnerable systemsGet details on exploits, evasion techniques, and countermeasures for the most popular Web platforms, including IIS, Apache, PHP, and ASP.NET Learn the strengths and weaknesses of common Web authentication mechanisms, including password-based, multifactor, and single sign-on mechanisms like PassportSee how to excise the heart of any Web application's access controls through advanced session analysis, hijacking, and fixation techniquesFind and fix input validation flaws, including cross-site scripting (XSS), SQL injection, HTTP response splitting, encoding, and special character abuseGet an in-depth presentation of the newest SQL injection techniques, including blind attacks, advanced exploitation through subqueries, Oracle exploits, and improved countermeasuresLearn about the latest XML Web Services hacks, Web management attacks, and DDoS attacks, including click fraudTour Firefox and IE exploits, as well as the newest socially-driven client attacks like phishing and adware
download:-
http://rapidshare.com/files/120520076/
hacking_exposed_2nd_r00tshell.rar
pass:-r00tshell
No comments:
Post a Comment