Seven Deadliest Web Application Attacks
Published on 3. May 2010
Book
Paperback/Softback
192 pages
978-1-59749-543-1 (ISBN)
Description
Seven Deadliest Web Application Attacks highlights the vagaries of web security by discussing the seven deadliest vulnerabilities exploited by attackers. This book pinpoints the most dangerous hacks and exploits specific to web applications, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable.
Each chapter presents examples of different attacks conducted against web sites. The methodology behind the attack is explored, showing its potential impact. The chapter then moves on to address possible countermeasures for different aspects of the attack. The book consists of seven chapters that cover the following: the most pervasive and easily exploited vulnerabilities in web sites and web browsers; Structured Query Language (SQL) injection attacks; mistakes of server administrators that expose the web site to attack; brute force attacks; and logic attacks. The ways in which malicious software malware has been growing as a threat on the Web are also considered.
This book is intended for information security professionals of all levels, as well as web application developers and recreational hackers.
Each chapter presents examples of different attacks conducted against web sites. The methodology behind the attack is explored, showing its potential impact. The chapter then moves on to address possible countermeasures for different aspects of the attack. The book consists of seven chapters that cover the following: the most pervasive and easily exploited vulnerabilities in web sites and web browsers; Structured Query Language (SQL) injection attacks; mistakes of server administrators that expose the web site to attack; brute force attacks; and logic attacks. The ways in which malicious software malware has been growing as a threat on the Web are also considered.
This book is intended for information security professionals of all levels, as well as web application developers and recreational hackers.
Reviews / Votes
"Author Mike Shema explains potential vulnerabilities and offers case studies based on actual attacks, looking at the topic from a forensic perspective to devise proper preventive measures. This is where the series will endear itself to Web application developers and to security professionals in particular.... This set of books assumes some basic familiarity with the Web. It should, however, appeal to all security professionals, from top-level executives and IT experts to the lowest rung of managers."--Security Management"For the reader engaged in professional testing of this type the explanation of the issues and mitigation strategies will provide an ideal starting point for educating and advising clients.... For any reader looking for a sound basic introduction to web application security testing without wanting to spend too much this book can be recommended as an ideal place to start."--BCS British Computer Society
More details
Language
English
Place of publication
Rockland, MA
United States
Target group
Professional and scholarly
Information security professionals of all levels; web application developers; recreational hackers
Product notice
Paperback (trade)
Illustrations
Illustrated; Illustrations
Dimensions
Height: 233 mm
Width: 191 mm
Thickness: 18 mm
Weight
405 gr
ISBN-13
978-1-59749-543-1 (9781597495431)
Copyright in bibliographic data and cover images is held by Nielsen Book Services Limited or by the publishers or by their respective licensors: all rights reserved.
Schweitzer Classification
Other editions
Additional editions
Mike Shema
Seven Deadliest Web Application Attacks
E-Book
02/2010
Syngress
€19.95
Available for download
Person
Mike Shema develops web application security solutions at Qualys, Inc. His current work is focused on an automated web assessment service. Mike previously worked as a security consultant and trainer for Foundstone where he conducted information security assessments across a range of industries and technologies. His security background ranges from network penetration testing, wireless security, code review, and web security. He is the co-author of Hacking Exposed: Web Applications, The Anti-Hacker Toolkit and the author of Hack Notes: Web Application Security. In addition to writing, Mike has presented at security conferences in the U.S., Europe, and Asia.
Content
Introduction
Chapter 1. Cross-Site Scripting (XSS)
Chapter 2. Cross-Site Request Forgery (CSRF)
Chapter 3. SQL Injection
Chapter 4. Server Misconfiguration and Predictable Pages
Chapter 5. Breaking Authentication Schemes
Chapter 6. Logic Attacks
Chapter 7. Web of Distrust
Chapter 1. Cross-Site Scripting (XSS)
Chapter 2. Cross-Site Request Forgery (CSRF)
Chapter 3. SQL Injection
Chapter 4. Server Misconfiguration and Predictable Pages
Chapter 5. Breaking Authentication Schemes
Chapter 6. Logic Attacks
Chapter 7. Web of Distrust