05872oam 2200769 a 450 991081147070332120240822125003.097866132582129781283258210128325821897811181752241118175220(CKB)2550000000051735(EBL)819008(OCoLC)759159321(SSID)ssj0000642778(PQKBManifestationID)11372030(PQKBTitleCode)TC0000642778(PQKBWorkID)10649105(PQKB)10498589(Au-PeEL)EBL819008(CaPaEBR)ebr10494632(CaSebORM)9781118026472(MiAaPQ)EBC819008(OCoLC)786167000(OCoLC)ocn786167000(OCoLC)ocn786167000 (EXLCZ)99255000000005173520110818d2011 uy 0engurgn#---uuuuutxtrdacontentcrdamediacrrdacarrierThe web application hacker's handbook finding and exploiting security flaws /Dafydd Stuttard, Marcus PintoSecond edition.Indianapolis, IN :John Wiley & Sons, Inc.,[2011].©20111 online resource (xxxiii, 878 pages) illustrationsPrevious edition published as: The web application hacker's handbook : discovering and exploiting security flaws. 2008.Description based upon print version of record.Includes index.9781118026472 1118026470 The Web Application Hacker's Handbook; Contents; Introduction; Chapter 1 Web Application (In)security; The Evolution of Web Applications; Common Web Application Functions; Benefits of Web Applications; Web Application Security; ""This Site Is Secure""; The Core Security Problem: Users Can Submit Arbitrary Input; Key Problem Factors; The New Security Perimeter; The Future of Web Application Security; Summary; Chapter 2 Core Defense Mechanisms; Handling User Access; Authentication; Session Management; Access Control; Handling User Input; Varieties of Input; Approaches to Input HandlingBoundary ValidationMultistep Validation and Canonicalization; Handling Attackers; Handling Errors; Maintaining Audit Logs; Alerting Administrators; Reacting to Attacks; Managing the Application; Summary; Questions; Chapter 3 Web Application Technologies; The HTTP Protocol; HTTP Requests; HTTP Responses; HTTP Methods; URLs; REST; HTTP Headers; Cookies; Status Codes; HTTPS; HTTP Proxies; HTTP Authentication; Web Functionality; Server-Side Functionality; Client-Side Functionality; State and Sessions; Encoding Schemes; URL Encoding; Unicode Encoding; HTML Encoding; Base64 Encoding; Hex EncodingRemoting and Serialization FrameworksNext Steps; Questions; Chapter 4 Mapping the Application; Enumerating Content and Functionality; Web Spidering; User-Directed Spidering; Discovering Hidden Content; Application Pages Versus Functional Paths; Discovering Hidden Parameters; Analyzing the Application; Identifying Entry Points for User Input; Identifying Server-Side Technologies; Identifying Server-Side Functionality; Mapping the Attack Surface; Summary; Questions; Chapter 5 Bypassing Client-Side Controls; Transmitting Data Via the Client; Hidden Form Fields; HTTP Cookies; URL ParametersThe Referer HeaderOpaque Data; The ASP.NET ViewState; Capturing User Data: HTML Forms; Length Limits; Script-Based Validation; Disabled Elements; Capturing User Data: Browser Extensions; Common Browser Extension Technologies; Approaches to Browser Extensions; Intercepting Traffic from Browser Extensions; Decompiling Browser Extensions; Attaching a Debugger; Native Client Components; Handling Client-Side Data Securely; Transmitting Data Via the Client; Validating Client-Generated Data; Logging and Alerting; Summary; Questions; Chapter 6 Attacking Authentication; Authentication TechnologiesDesign Flaws in Authentication MechanismsBad Passwords; Brute-Forcible Login; Verbose Failure Messages; Vulnerable Transmission of Credentials; Password Change Functionality; Forgotten Password Functionality; ""Remember Me"" Functionality; User Impersonation Functionality; Incomplete Validation of Credentials; Nonunique Usernames; Predictable Usernames; Predictable Initial Passwords; Insecure Distribution of Credentials; Implementation Flaws in Authentication; Fail-Open Login Mechanisms; Defects in Multistage Login Mechanisms; Insecure Storage of Credentials; Securing AuthenticationUse Strong CredentialsThe highly successful security book returns with a new edition, completely updated Web applications are the front door to most organizations, exposing them to attacks that may disclose personal information, execute fraudulent transactions, or compromise ordinary users. This practical book has been completely updated and revised to discuss the latest step-by-step techniques for attacking and defending the range of ever-evolving web applications. You'll explore the various new technologies employed in web applications that have appeared since the first edition and review the new attackFinding and exploiting security flawsInternetSecurity measuresComputer securityInternetSecurity measures.Computer security.004005.8Stuttard Dafydd1972-1686323Pinto Marcus1978-1686324MiAaPQMiAaPQMiAaPQBOOK9910811470703321The web application hacker's handbook4059089UNINA