Amazing Books
Temporary Blank

Wednesday, September 22, 2010

Web Hacking Attacks and Defense













By Stuart McClure, Saumil Shah, Shreeraj Shah

Publisher: Addison Wesley
Pub Date: August 08, 2002
ISBN: 0-201-76176-9, 528 pages

Copyright
Foreword
Introduction
"We're Secure, We Have a Firewall"
Book Organization
A Final Word
Acknowledgments
Contributor

Part 1. The E-Commerce Playground

Chapter 1. Web Languages: The Babylon of the 21st Century
Introduction
Languages of the Web
Java
Summary

Chapter 2. Web and Database Servers
Introduction
Web Servers
Database Servers
Summary

Chapter 3. Shopping Carts and Payment Gateways
Introduction
Evolution of the Storefront
Electronic Shopping
Shopping Cart Systems
Implementation of a Shopping Cart Application
Examples of Poorly Implemented Shopping Carts
Processing Payments
Overview of the Payment Processing System
Interfacing with a Payment Gateway—An Example
Payment System Implementation Issues
PayPal—Enabling Individuals to Accept Electronic Payments
Summary

Chapter 4. HTTP and HTTPS: The Hacking Protocols
Introduction
Protocols of the Web
Summary

Chapter 5. URL: The Web Hacker's Sword
Introduction
URL Structure
URLs and Parameter Passing
URL Encoding
Abusing URL Encoding
HTML Forms
Summary

Part 2. URLs Unraveled

Chapter 6. Web: Under (the) Cover
Introduction
The Components of a Web Application
Wiring the Components
Connecting with the Database
Specialized Web Application Servers
Identifying Web Application Components from URLs
The Basics of Technology Identification
Advanced Techniques for Technology Identification
Identifying Database Servers
Countermeasures
Summary

Chapter 7. Reading Between the Lines
Introduction
Information Leakage Through HTML
What the Browsers Don't Show You
Clues to Look For
HTML Comments
Internal and External Hyperlinks
E-Mail Addresses and Usernames
Keywords and Meta Tags
Hidden Fields
Client-Side Scripts
Automated Source Sifting Techniques
Sam Spade, Black Widow, and Teleport Pro
Summary

Chapter 8. Site Linkage Analysis
Introduction
HTML and Site Linkage Analysis
Site Linkage Analysis Methodology
Step 1: Crawling the Web Site
Step 2: Creating Logical Groups Within the Application Structure
Step 3: Analyzing Each Web Resource
Step 4: Inventorying Web Resources
Summary

Part 3. How Do They Do It?

Chapter 9. Cyber Graffiti
Introduction
Defacing Acme Travel, Inc.'s Web Site
What Went Wrong?
HTTP Brute-Forcing Tools
Countermeasures Against the Acme Travel, Inc. Hack
Summary

Chapter 10. E-Shoplifting
Introduction
Building an Electronic Store
Evolution of Electronic Storefronts
Robbing Acme Fashions, Inc.
Overhauling www.acme-fashions.com
Postmortem and Further Countermeasures
Summary

Chapter 11. Database Access
Introduction
A Used Car Dealership Is Hacked
Countermeasures
Summary

Chapter 12. Java: Remote Command Execution
Introduction
Java-Driven Technology
Attacking a Java Web Server
Identifying Loopholes in Java Application Servers
Countermeasures
Summary

Chapter 13. Impersonation
Introduction
Session Hijacking: A Stolen Identity and a Broken Date
Session Hijacking
Postmortem of the Session Hijacking Attack
Application State Diagrams
HTTP and Session Tracking
Stateless Versus Stateful Applications
Cookies and Hidden Fields
Implementing Session and State Tracking
Summary

Chapter 14. Buffer Overflows: On-the-Fly
Introduction
Buffer Overflows
Postmortem Countermeasures
Summary

Part 4. Advanced Web Kung Fu

Chapter 15. Web Hacking: Automated Tools
Introduction
Netcat
Whisker
Brutus
Achilles
Cookie Pal
Teleport Pro
Security Recommendations
Summary

Chapter 16. Worms
Introduction
Code Red Worm
Summary

Chapter 17. Beating the IDS
Introduction
IDS Basics
IDS Accuracy
Getting Past an IDS
Secure Hacking—Hacking Over SSL
Polymorphic URLs
Generating False Positives
Potential Countermeasures
Summary

Appendix A. Web and Database Port Listing
Appendix B. HTTP/1.1 and HTTP/1.0 Method and Field Definitions
Appendix C. Remote Command Execution Cheat Sheet
Appendix D. Source Code, File, and Directory Disclosure Cheat Sheet
Appendix E. Resources and Links
Appendix F. Web-Related Tools


Download

Another Hacker Books

No comments:

Post a Comment

Related Posts with Thumbnails
There was an error in this gadget

Put Your Ads Here!
There was an error in this gadget