The only way to stop a hacker is to think like one!

The World Wide Web Consortium's Extensible Markup Language (XML) is quickly becoming the new standard for data formatting and Internet development. XML is expected to be as important to the future of the Web as HTML has been to the foundation of the Web, and has proven itself to be the most common tool for all data manipulation and data transmission. Hack Proofing XML provides readers with hands-on instruction for how to secure the Web transmission and access of their XML data. This book will also introduce database administrators, web developers and web masters to ways they can use XML to secure other applications and processes.

The first book to incorporate standards from both the Security Services Markup Language (S2ML) and the Organization for the Advancement of Structured Information Standards (OASIS) in one comprehensive book
Covers the four primary security objectives: Confidentiality, Integrity, Authentication and Non-repudiation
Not only shows readers how to secure their XML data, but describes how to provide enhanced security for a broader range of applications and processes
Language
Place of publication
ISBN-13
978-0-08-047815-9 (9780080478159)
Schweitzer classification
Foreword

Chapter 1 The Zen of Hack Proofing
  Introduction
  Learning to Appreciate the Tao of the Hack
  Hacker
  Cracker
  Script Kiddie
  Phreaker
  Black Hat, White Hat, What's the Difference
  Gray Hat
  The Role of the Hacker
  Criminal
  Magician
  Security Professional
  Consumer Advocate
  Civil Rights Activist
  Cyber Warrior
  Motivations of a Hacker
  Recognition
  Admiration
  Curiosity
  Power and Gain
  Revenge
  The Hacker Code
  Summary
  Solutions Fast Track
  Frequently Asked Questions

Chapter 2 Classes of Attack
  Introduction
  Identifying and Understanding the Classes of Attack
  Denial of Service
  Information Leakage
  Regular File Access
  Misinformation
  Special File/Database Access
  Remote Arbitrary Code Execution
  Elevation of Privileges
  Identifying Methods of Testing for Vulnerabilities
  Proof of Concept
  Standard Research Techniques
  Summary
  Solutions Fast Track
  Frequently Asked Questions

Chapter 3 Reviewing the Fundamentals of XML
  Introduction
  An Overview of XML
  The Goals of XML
  What Does an XML Document Look Like
  Creating an XML Document
  Well-Formed XML Documents
  Transforming XML through XSLT
  XSL Use of Patterns
  XPath
  Summary
  Solutions Fast Track
  Frequently Asked Questions

Chapter 4 Document Type: The Validation Gateway
  Introduction
  Document Type Definitions and Well-Formed XML Documents
  Schema and Valid XML Documents
  XML Schema Data Types
  Learning About Plain-Text Attacks
  Plain-Text Attacks
  Understanding How Validation Is Processed in XML
  Validate the Input Text
  Canonicalization
  Validating Unicode
  Validate the Document or Message
  Is the XML Well Formed
  Using DTDs for Verifying the Proper Structure
  Using Schema for Data Consistency
  Online Validation Methods and Mechanisms
  Summary
  Solutions Fast Track
  Frequently Asked Questions

Chapter 5 XML Digital Signatures
  Introduction
  Understanding How a Digital Signature Works
  Basic Digital Signature and Authentication Concepts
  Applying XML Digital Signatures to Security
  Examples of XML Signatures
  Signing Parts of Documents
  Using XPath to Transform a Document
  Using XSLT to Transform a Document
  Using Manifests to Manage Lists of Signed Elements
  Establishing Identity By Using X509
  Required and Recommended Algorithms
  Cautions and Pitfalls
  Vendor Toolkits
  Summary
  Solutions Fast Track
  Frequently Asked Questions

Chapter 6 Encryption in XML
  Introduction
  Understanding the Role of Encryption in Messaging Security
  Security Needs of Messaging
  Encryption Methods
  Learning How to Apply Encryption to XML
  XML Transforms Before Encryption
  Flowchart of Encryption Process
  Understanding Practical Usage of Encryption
  Signing in Plain Text, Not Cipher Text
  Cipher Text Cannot Validate Plain Text
  Encryption Might Not Be Collision Resistant
  Summary
  Solutions Fast Track
  Frequently Asked Questions

Chapter 7 Role-Based Access Control
  Introduction
  Learning About Stateful Inspection
  Packet Filtering
  Application Layer Gateway
  The FTP Process
  Firewall Technologies and XML
  First, You Inspect the State
  Evaluating State Changes
  Default Behavior Affects Security
  Learning About Role-Based Access Control and Type Enforcement Implementations
  NSA: The Flask Architecture
  SELinux
  Applying Role-Based Access Control Ideas in XML