From the authors of the bestselling Hack Proofing Your Network!

OPEC, Amazon, Yahoo! and E-bay: If these large, well-established and security-conscious web sites have problems, how can anyone be safe? How can any programmer expect to develop web applications that are secure? Hack Proofing Your Web Applications is the only book specifically written for application developers and webmasters who write programs that are used on web sites. It covers Java applications, XML, ColdFusion, and other database applications. Most hacking books focus on catching the hackers once they've entered the site; this one shows programmers how to design tight code that will deter hackers from the word go.

Comes with up-to-the-minute web-based support and a CD-ROM containing source codes and sample testing programs.

Unique approach: Unlike most hacking books, this one is written for the application developer to help them build less vulnerable programs.
ISBN-13: 978-0-08-047813-5 (9780080478135)
Foreword

Chapter 1 Hacking Methodology: Introduction; Understanding the Terms; A Brief History of Hacking; Phone System Hacking; Computer Hacking; What Motivates a Hacker; Ethical Hacking versus Malicious Hacking; Working with Security Professionals; Understanding Current Attack Types; DoS/DDoS; Virus Hacking; Stealing; Recognizing Web Application Security Threats; Hidden Manipulation; Parameter Tampering; Cross-Site Scripting; Buffer Overflow; Cookie Poisoning; Preventing Break-Ins by Thinking Like a Hacker; Summary; Solutions Fast Track; Frequently Asked Questions

Chapter 2 How to Avoid Becoming a "Code Grinder": Introduction; What Is a Code Grinder; Following the Rules; Thinking Creatively When Coding; Allowing for Thought; Security from the Perspective of a Code Grinder; Coding in a Vacuum; Building Functional and Secure Web Applications; But My Code Is Functional; Summary; Solutions Fast Track; Frequently Asked Questions

Chapter 3 Understanding the Risks Associated with Mobile Code: Introduction; Recognizing the Impact of Mobile Code Attacks; Browser Attacks; Mail Client Attacks; Malicious Scripts or Macros; Identifying Common Forms of Mobile Code; Macro Languages: Visual Basic for Applications (VBA); JavaScript; VBScript; Java Applets; ActiveX Controls; E-Mail Attachments and Downloaded Executables; Protecting Your System from Mobile Code Attacks; Security Applications; Web-Based Tools; Summary; Solutions Fast Track; Frequently Asked Questions

Chapter 4 Vulnerable CGI Scripts: Introduction; What Is a CGI Script, and What Does It Do; Typical Uses of CGI Scripts; When Should You Use CGI; Break-Ins Resulting from Weak CGI Scripts; How to Write "Tighter" CGI Scripts; Searchable Index Commands; CGI Wrappers; Languages for Writing CGI Scripts; Unix Shell; Perl; C/C++; Visual Basic; Advantages of Using CGI Scripts; Rules for Writing Secure CGI Scripts; Storing CGI Scripts; Summary; Solutions Fast Track; Frequently Asked Questions

Chapter 5 Hacking Techniques and Tools: Introduction; A Hacker's Goals; Minimize the Warning Signs; Maximize the Access; Damage, Damage, Damage; Turning the Tables; The Five Phases of Hacking; Creating an Attack Map; Building an Execution Plan; Establishing a Point of Entry; Continued and Further Access; The Attack; Social Engineering; Sensitive Information; The Intentional "Back Door" Attack; Hard-Coding a Back Door Password; Exploiting Inherent Weaknesses in Code or Programming Environments; The Tools of the Trade; Hex Editors; Debuggers; Disassemblers; Summary; Solutions Fast Track; Frequently Asked Questions

Chapter 6 Code Auditing and Reverse Engineering: Introduction; How to Efficiently Trace through a Program; Auditing and Reviewing Selected Programming Languages; Reviewing Java; Reviewing Java Server Pages; Reviewing Active Server Pages; Reviewing Server Side Includes; Reviewing Python; Reviewing Tool Command Language; Reviewing Practical Extraction and Reporting Language; Reviewing PHP: Hypertext Preprocessor; Reviewing C/C++; Reviewing ColdFusion; Looking for Vulnerabilities; Getting the Data from the User; Looking for Buffer Overflows; Checking the Output Given to the User; Checking for File System Access/Interaction