LEADER 05315nam 2200649 450 001 9910807159803321 005 20200520144314.0 010 $a1-118-91435-X 010 $a1-118-66210-5 035 $a(CKB)2670000000530895 035 $a(EBL)1641459 035 $a(SSID)ssj0001153869 035 $a(PQKBManifestationID)11727952 035 $a(PQKBTitleCode)TC0001153869 035 $a(PQKBWorkID)11154479 035 $a(PQKB)11130589 035 $a(Au-PeEL)EBL1641459 035 $a(CaPaEBR)ebr10842312 035 $a(CaONFJC)MIL578595 035 $a(OCoLC)871225516 035 $a(CaSebORM)9781118662090 035 $a(MiAaPQ)EBC1641459 035 $a(EXLCZ)992670000000530895 100 $a20140313h20142014 uy 0 101 0 $aeng 135 $aur|n|---||||| 181 $ctxt 182 $cc 183 $acr 200 14$aThe browser hacker's handbook /$fWade Alcorn, Christian Frichot, Michele Orru? 205 $a1st edition 210 1$aIndianapolis, Indiana :$cWiley,$d2014. 210 4$dİ2014 215 $a1 online resource (650 p.) 300 $aIncludes index. 311 $a1-118-66209-1 320 $aIncludes bibliographical references and index. 327 $aCopyright; About the Authors; About the Contributing Authors; About the Technical Editor; Credits; Acknowledgments; Contents; Introduction; Chapter 1: Web Browser Security; A Principal Principle; Exploring the Browser; Symbiosis with the Web Application; Same Origin Policy; HTTP Headers; Markup Languages; HTML; XML; Cascading Style Sheets; Scripting; JavaScript; VBScript; Document Object Model; Rendering Engines; WebKit; Trident; Gecko; Presto; Blink; Geolocation; Web Storage; Cross-origin Resource Sharing; HTML5; WebSocket; Web Workers; History Manipulation; WebRTC; Vulnerabilities 327 $aEvolutionary PressuresHTTP Headers; Content Security Policy; Secure Cookie Flag; HttpOnly Cookie Flag; X-Content-Type-Options; Strict-Transport-Security; X-Frame-Options; Reflected XSS Filtering; Sandboxing; Browser Sandboxing; IFrame Sandboxing; Anti-phishing and Anti-malware; Mixed Content; Core Security Problems; Attack Surface; Rate of Change; Silent Updating; Extensions; Plugins; Surrendering Control; TCP Protocol Control; Encrypted Communication; Same Origin Policy; Fallacies; Robustness Principle Fallacy; External Security Perimeter Fallacy; Browser Hacking Methodology; Initiating 327 $aRetainingAttacking; Summary; Questions; Notes; Chapter 2: Initiating Control; Understanding Control Initiation; Control Initiation Techniques; Using Cross-site Scripting Attacks; Reflected Cross-site Scripting; Stored Cross-site Scripting; DOM Cross-site Scripting; Universal Cross-site Scripting; XSS Viruses; Bypassing XSS Controls; Using Compromised Web Applications; Using Advertising Networks; Using Social Engineering Attacks; Phishing Attacks; Baiting; Anti-Phishing Controls; Using Man-in-the-Middle Attacks; Man-in-the-Browser; Wireless Attacks; ARP Spoofing; DNS Poisoning 327 $aExploiting CachingSummary; Questions; Notes; Chapter 3: Retaining Control; Understanding Control Retention; Exploring Communication Techniques; Using XMLHttpRequest Polling; Using Cross-origin Resource Sharing; Using WebSocket Communication; Using Messaging Communication; Using DNS Tunnel Communication; Exploring Persistence Techniques; Using IFrames; Using Full Browser Frame Overlay; Using Browser Events; Using Pop-Under Windows; Using Man-in-the-Browser Attacks; Hijacking AJAX Calls; Hijacking Non-AJAX Requests; Evading Detection; Evasion using Encoding; Base64 Encoding; Whitespace Encoding 327 $aNon-alphanumeric JavaScriptEvasion using Obfuscation; Random Variables and Methods; Mixing Object Notations; Time Delays; Mixing Content from Another Context; Using the callee Property; Evasion using JavaScript Engines Quirks; Summary; Questions; Notes; Chapter 4: Bypassing the Same; Understanding the Same Origin Policy; Understanding the SOP with the DOM; Understanding the SOP with CORS; Understanding the SOP with Plugins; Understanding the SOP with UI Redressing; Understanding the SOP with Browser History; Exploring SOP Bypasses; Bypassing SOP in Java; Bypassing SOP in Adobe Reader 327 $aBypassing SOP in Adobe Flash 330 $aHackers exploit browser vulnerabilities to attack deep within networks The Browser Hacker's Handbook gives a practical understanding of hacking the everyday web browser and using it as a beachhead to launch further attacks deep into corporate networks. Written by a team of highly experienced computer security experts, the handbook provides hands-on tutorials exploring a range of current attack methods. The web browser has become the most popular and widely used computer ""program"" in the world. As the gateway to the Internet, it is part of the storefront to any business that 606 $aComputer hackers$vHandbooks, manuals, etc 615 0$aComputer hackers 676 $a005.8 700 $aAlcorn$b Wade$01717594 701 $aFrichot$b Christian$01717595 701 $aOrru?$b Michele$01717596 801 0$bMiAaPQ 801 1$bMiAaPQ 801 2$bMiAaPQ 906 $aBOOK 912 $a9910807159803321 996 $aThe browser hacker's handbook$94113949 997 $aUNINA