LEADER 05631oam 2200685 a 450 001 9910781605703321 005 20220603115839.0 010 $a1-283-25821-8 010 $a9786613258212 010 $a1-118-17522-0 035 $a(CKB)2550000000051735 035 $a(EBL)819008 035 $a(OCoLC)759159321 035 $a(SSID)ssj0000642778 035 $a(PQKBManifestationID)11372030 035 $a(PQKBTitleCode)TC0000642778 035 $a(PQKBWorkID)10649105 035 $a(PQKB)10498589 035 $a(Au-PeEL)EBL819008 035 $a(CaPaEBR)ebr10494632 035 $a(CaSebORM)9781118026472 035 $a(MiAaPQ)EBC819008 035 $a(EXLCZ)992550000000051735 100 $a20110818d2011 uy 0 101 0 $aeng 135 $aurgn#---uuuuu 181 $ctxt$2rdacontent 182 $cc$2rdamedia 183 $acr$2rdacarrier 200 14$aThe web application hacker's handbook $efinding and exploiting security flaws /$fDafydd Stuttard, Marcus Pinto 205 $aSecond edition. 210 1$aIndianapolis, IN :$cJohn Wiley & Sons, Inc.,$d[2011]. 210 4$d©2011 215 $a1 online resource (xxxiii, 878 pages) $cillustrations 300 $aPrevious edition published as: The web application hacker's handbook : discovering and exploiting security flaws. 2008. 300 $aDescription based upon print version of record. 300 $aIncludes index. 
311 0 $a1118026470 327 $aThe Web Application Hacker's Handbook; Contents; Introduction; Chapter 1 Web Application (In)security; The Evolution of Web Applications; Common Web Application Functions; Benefits of Web Applications; Web Application Security; "This Site Is Secure"; The Core Security Problem: Users Can Submit Arbitrary Input; Key Problem Factors; The New Security Perimeter; The Future of Web Application Security; Summary; Chapter 2 Core Defense Mechanisms; Handling User Access; Authentication; Session Management; Access Control; Handling User Input; Varieties of Input; Approaches to Input Handling 327 $aBoundary Validation; Multistep Validation and Canonicalization; Handling Attackers; Handling Errors; Maintaining Audit Logs; Alerting Administrators; Reacting to Attacks; Managing the Application; Summary; Questions; Chapter 3 Web Application Technologies; The HTTP Protocol; HTTP Requests; HTTP Responses; HTTP Methods; URLs; REST; HTTP Headers; Cookies; Status Codes; HTTPS; HTTP Proxies; HTTP Authentication; Web Functionality; Server-Side Functionality; Client-Side Functionality; State and Sessions; Encoding Schemes; URL Encoding; Unicode Encoding; HTML Encoding; Base64 Encoding; Hex Encoding 327 $aRemoting and Serialization Frameworks; Next Steps; Questions; Chapter 4 Mapping the Application; Enumerating Content and Functionality; Web Spidering; User-Directed Spidering; Discovering Hidden Content; Application Pages Versus Functional Paths; Discovering Hidden Parameters; Analyzing the Application; Identifying Entry Points for User Input; Identifying Server-Side Technologies; Identifying Server-Side Functionality; Mapping the Attack Surface; Summary; Questions; Chapter 5 Bypassing Client-Side Controls; Transmitting Data Via the Client; Hidden Form Fields; HTTP Cookies; URL Parameters 327 $aThe Referer Header; Opaque Data; The ASP.NET ViewState; Capturing User Data: HTML Forms; Length Limits; Script-Based Validation; Disabled Elements; Capturing User Data: 
Browser Extensions; Common Browser Extension Technologies; Approaches to Browser Extensions; Intercepting Traffic from Browser Extensions; Decompiling Browser Extensions; Attaching a Debugger; Native Client Components; Handling Client-Side Data Securely; Transmitting Data Via the Client; Validating Client-Generated Data; Logging and Alerting; Summary; Questions; Chapter 6 Attacking Authentication; Authentication Technologies 327 $aDesign Flaws in Authentication Mechanisms; Bad Passwords; Brute-Forcible Login; Verbose Failure Messages; Vulnerable Transmission of Credentials; Password Change Functionality; Forgotten Password Functionality; "Remember Me" Functionality; User Impersonation Functionality; Incomplete Validation of Credentials; Nonunique Usernames; Predictable Usernames; Predictable Initial Passwords; Insecure Distribution of Credentials; Implementation Flaws in Authentication; Fail-Open Login Mechanisms; Defects in Multistage Login Mechanisms; Insecure Storage of Credentials; Securing Authentication 327 $aUse Strong Credentials 330 $aThe highly successful security book returns with a new edition, completely updated. Web applications are the front door to most organizations, exposing them to attacks that may disclose personal information, execute fraudulent transactions, or compromise ordinary users. This practical book has been completely updated and revised to discuss the latest step-by-step techniques for attacking and defending the range of ever-evolving web applications. You'll explore the various new technologies employed in web applications that have appeared since the first edition and review the new attack 606 $aInternet$xSecurity measures 606 $aComputer security 615 0$aInternet$xSecurity measures. 615 0$aComputer security. 
676 $a004 676 $a005.8 700 $aStuttard$b Dafydd$f1972-$01517578 701 $aPinto$b Marcus$f1978-$01517579 801 0$bMiAaPQ 801 1$bMiAaPQ 801 2$bMiAaPQ 906 $aBOOK 912 $a9910781605703321 996 $aThe web application hacker's handbook$93754734 997 $aUNINA
LEADER 03052oam 2200613I 450 001 9910785152103321 005 20230725024926.0 010 $a0-429-13424-X 010 $a1-4398-0837-6 024 7 $a10.1201/9781439808375 035 $a(CKB)2670000000044426 035 $a(EBL)581715 035 $a(OCoLC)667286577 035 $a(SSID)ssj0000410898 035 $a(PQKBManifestationID)11255548 035 $a(PQKBTitleCode)TC0000410898 035 $a(PQKBWorkID)10352019 035 $a(PQKB)11456335 035 $a(MiAaPQ)EBC581715 035 $a(Au-PeEL)EBL581715 035 $a(CaPaEBR)ebr10412002 035 $a(CaONFJC)MIL692676 035 $a(OCoLC)901278476 035 $a(EXLCZ)992670000000044426 100 $a20180331d2011 uy 0 101 0 $aeng 135 $aur|n|---||||| 181 $ctxt 182 $cc 183 $acr 200 00$aAccurate condensed-phase quantum chemistry /$feditor, Frederick R. Manby 210 1$aBoca Raton :$cTaylor & Francis,$d2011. 215 $a1 online resource (214 p.) 225 1 $aComputation in chemistry 300 $aDescription based upon print version of record. 311 $a1-322-61394-X 311 $a1-4398-0836-8 320 $aIncludes bibliographical references and index. 327 $aFront cover; Contents; Series Preface; Preface; Editor; Contributors; chapter one. Laplace transform second-order Møller-Plesset methods in the atomic orbital basis for periodic systems; chapter two. Density fitting for correlated calculations in periodic systems; chapter three. The method of increments-a wavefunction-based correlation method for extended systems; chapter four. The hierarchical scheme for electron correlation in crystalline solids; chapter five. Electrostatically embedded many-body expansion for large systems 327 $achapter six. Electron correlation in solids: Delocalized and localized orbital approaches; chapter seven. 
Ab initio Monte Carlo simulations of liquid water; Back cover 330 $aThe theoretical methods of quantum chemistry have matured to the point that accurate predictions can be made and experiments can be understood for a wide range of important gas-phase phenomena. A large part of this success can be attributed to the maturation of hierarchies of approximation, which allow one to approach very high accuracy, provided that sufficient computational resources are available. Until recently, these hierarchies have not been available in condensed-phase chemistry, but recent advances in the field have now led to a group of methods that are capable of reaching this goa 410 0$aComputation in chemistry. 606 $aQuantum chemistry 606 $aCondensed matter 615 0$aQuantum chemistry. 615 0$aCondensed matter. 676 $a541/.28 701 $aManby$b Frederick R$01527133 801 0$bFlBoTFG 801 1$bFlBoTFG 906 $aBOOK 912 $a9910785152103321 996 $aAccurate condensed-phase quantum chemistry$93769682 997 $aUNINA