The Web Application Hacker's Handbook, 2nd Edition, by Dafydd Stuttard and Marcus Pinto – Ebook PDF Instant Download/Delivery: 1118175248, 978-1118175248

Product details:
ISBN 10: 1118175248
ISBN 13: 978-1118175248
Author: Dafydd Stuttard, Marcus Pinto
The highly successful security book returns with a new edition, completely updated.
Web applications are the front door to most organizations, exposing them to attacks that may disclose personal information, execute fraudulent transactions, or compromise ordinary users. This practical book has been completely updated and revised to discuss the latest step-by-step techniques for attacking and defending the range of ever-evolving web applications. You’ll explore the various new technologies employed in web applications that have appeared since the first edition and review the new attack techniques that have been developed, particularly in relation to the client side.
The Web Application Hacker's Handbook, 2nd Edition: Table of Contents
Chapter 1 Web Application (In)security
The Evolution of Web Applications
Web Application Security
Summary
Chapter 2 Core Defense Mechanisms
Handling User Access
Handling User Input
Handling Attackers
Managing the Application
Summary
Questions
Chapter 3 Web Application Technologies
The HTTP Protocol
Web Functionality
Encoding Schemes
Next Steps
Questions
Chapter 4 Mapping the Application
Enumerating Content and Functionality
Analyzing the Application
Summary
Questions
Chapter 5 Bypassing Client-Side Controls
Transmitting Data Via the Client
Capturing User Data: HTML Forms
Capturing User Data: Browser Extensions
Handling Client-Side Data Securely
Summary
Questions
Chapter 6 Attacking Authentication
Authentication Technologies
Design Flaws in Authentication Mechanisms
Implementation Flaws in Authentication
Securing Authentication
Summary
Questions
Chapter 7 Attacking Session Management
The Need for State
Weaknesses in Token Generation
Weaknesses in Session Token Handling
Securing Session Management
Summary
Questions
Chapter 8 Attacking Access Controls
Common Vulnerabilities
Attacking Access Controls
Securing Access Controls
Summary
Questions
Chapter 9 Attacking Data Stores
Injecting into Interpreted Contexts
Injecting into SQL
Injecting into NoSQL
Injecting into XPath
Injecting into LDAP
Summary
Questions
Chapter 10 Attacking Back-End Components
Injecting OS Commands
Manipulating File Paths
Injecting into XML Interpreters
Injecting into Back-end HTTP Requests
Injecting into Mail Services
Summary
Questions
Chapter 11 Attacking Application Logic
The Nature of Logic Flaws
Real-World Logic Flaws
Avoiding Logic Flaws
Summary
Questions
Chapter 12 Attacking Users: Cross-Site Scripting
Varieties of XSS
XSS Attacks in Action
Finding and Exploiting XSS Vulnerabilities
Preventing XSS Attacks
Summary
Questions
Chapter 13 Attacking Users: Other Techniques
Inducing User Actions
Capturing Data Cross-Domain
The Same-Origin Policy Revisited
Other Client-Side Injection Attacks
Local Privacy Attacks
Attacking ActiveX Controls
Attacking the Browser
Summary
Questions
Chapter 14 Automating Customized Attacks
Uses for Customized Automation
Enumerating Valid Identifiers
Harvesting Useful Data
Fuzzing for Common Vulnerabilities
Putting It All Together: Burp Intruder
Barriers to Automation
Summary
Questions
Chapter 15 Exploiting Information Disclosure
Exploiting Error Messages
Gathering Published Information
Using Inference
Preventing Information Leakage
Summary
Questions
Chapter 16 Attacking Native Compiled Applications
Buffer Overflow Vulnerabilities
Integer Vulnerabilities
Format String Vulnerabilities
Summary
Questions
Chapter 17 Attacking Application Architecture
Tiered Architectures
Shared Hosting and Application Service Providers
Summary
Questions
Chapter 18 Attacking the Application Server
Vulnerable Server Configuration
Vulnerable Server Software
Web Application Firewalls
Summary
Questions
Chapter 19 Finding Vulnerabilities in Source Code
Approaches to Code Review
Signatures of Common Vulnerabilities
The Java Platform
ASP.NET
PHP
Perl
JavaScript
Database Code Components
Tools for Code Browsing
Summary
Questions
Chapter 20 A Web Application Hacker’s Toolkit
Web Browsers
Integrated Testing Suites
Standalone Vulnerability Scanners
Other Tools
Summary
Chapter 21 A Web Application Hacker’s Methodology
General Guidelines
Map the Application’s Content
Analyze the Application
Test Client-Side Controls
Test the Authentication Mechanism
Test the Session Management Mechanism
Test Access Controls
Test for Input-Based Vulnerabilities
Test for Function-Specific Input Vulnerabilities
Test for Logic Flaws
Test for Shared Hosting Vulnerabilities
Test for Application Server Vulnerabilities
Miscellaneous Checks
Follow Up Any Information Leakage