Title:
Web application defender's cookbook : battling hackers and protecting users
Personal Author:
Edition:
1st ed.
Publication Information:
Indianapolis, I.N. : Wiley Pub., Inc., 2013
Physical Description:
xxix, 522 p. : ill. ; 24 cm.
ISBN:
9781118362181
General Note:
Includes index
Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
|---|---|---|---|---|---|
Searching... | 30000010320926 | QA76.9.A25 B377 2013 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
Defending your web applications against hackers and attackers
The top-selling book Web Application Hacker's Handbook showed how attackers and hackers identify and attack vulnerable live web applications. This new Web Application Defender's Cookbook is the perfect counterpoint to that book: it shows you how to defend . Authored by a highly credentialed defensive security expert, this new book details defensive security methods and can be used as courseware for training network security personnel, web server administrators, and security consultants.
Each "recipe" shows you a way to detect and defend against malicious behavior and provides working code examples for the ModSecurity web application firewall module. Topics include identifying vulnerabilities, setting hacker traps, defending different access points, enforcing application flows, and much more.
Provides practical tactics for detecting web attacks and malicious behavior and defending against them Written by a preeminent authority on web application firewall technology and web application defense tactics Offers a series of "recipes" that include working code examples for the open-source ModSecurity web application firewall moduleFind the tools, techniques, and expert information you need to detect and respond to web application attacks with Web Application Defender's Cookbook: Battling Hackers and Protecting Users .
Author Notes
Ryan Barnett is a Lead Security Researcher in Trustwave's SpiderLabs Team, an advanced security team focused on penetration testing, incident response, and application security. He is the ModSecurity web application firewall project lead, a SANS Institute certified instructor, and a frequent speaker at industry conferences.
Table of Contents
| Foreword | p. xix |
| Introduction | p. xxiii |
| I Preparing the Battle Space | p. 1 |
| 1 Application Fortification | p. 7 |
| Recipe 1-1 Real-time Application Profiling | p. 7 |
| Recipe 1-2 Preventing Data Manipulation with Cryptographic Hash Tokens | p. 15 |
| Recipe 1-3 Installing the OWASP ModSecurity Core Rule Set (CRS) | p. 19 |
| Recipe 1-4 Integrating Intrusion Detection System Signatures | p. 33 |
| Recipe 1-5 Using Bayesian Attack Payload Detection | p. 38 |
| Recipe 1-6 Enable Full HTTP Audit Logging | p. 48 |
| Recipe 1-7 Logging Only Relevant Transactions | p. 52 |
| Recipe 1-8 Ignoring Requests for Static Content | p. 53 |
| Recipe 1-9 Obscuring Sensitive Data in Logs | p. 54 |
| Recipe 1-10 Sending Alerts to a Central Log Host Using Syslog | p. 58 |
| Recipe 1-11 Using the ModSecurity AuditConsole | p. 60 |
| 2 Vulnerability Identification and Remediation | p. 67 |
| Recipe 2-1 Passive Vulnerability Identification | p. 70 |
| Recipe 2-2 Active Vulnerability Identification | p. 79 |
| Recipe 2-3 Manual Scan Result Conversion | p. 88 |
| Recipe 2-4 Automated Scan Result Conversion | p. 92 |
| Recipe 2-5 Real-time Resource Assessments and Virtual Patching | p. 99 |
| 3 Poisoned Pawns (Hacker Traps) | p. 115 |
| Recipe 3-1 Adding Honeypot Ports | p. 116 |
| Recipe 3-2 Adding Fake robots.txt Disallow Entries | p. 118 |
| Recipe 3-3 Adding Fake HTML Comments | p. 123 |
| Recipe 3-4 Adding Fake Hidden Form Fields | p. 128 |
| Recipe 3-5 Adding Fake Cookies | p. 131 |
| II Asymmetric Warfare | p. 137 |
| 4 Reputation and Third-Party Correlation | p. 139 |
| Recipe 4-1 Analyzing the Client's Geographic Location Data | p. 141 |
| Recipe 4-2 Identifying Suspicious Open Proxy Usage | p. 147 |
| Recipe 4-3 Utilizing Real-time Blacklist Lookups (RBL) | p. 150 |
| Recipe 4-4 Running Your Own RBL | p. 157 |
| Recipe 4-5 Detecting Malicious Links | p. 160 |
| 5 Request Data Analysis | p. 171 |
| Recipe 5-1 Request Body Access | p. 172 |
| Recipe 5-2 Identifying Malformed Request Bodies | p. 178 |
| Recipe 5-3 Normalizing Unicode | p. 182 |
| Recipe 5-4 Identifying Use of Multiple Encodings | p. 186 |
| Recipe 5-5 Identifying Encoding Anomalies | p. 189 |
| Recipe 5-6 Detecting Request Method Anomalies | p. 193 |
| Recipe 5-7 Detecting Invalid URI Data | p. 197 |
| Recipe 5-8 Detecting Request Header Anomalies | p. 200 |
| Recipe 5-9 Detecting Additional Parameters | p. 209 |
| Recipe 5-10 Detecting Missing Parameters | p. 212 |
| Recipe 5-11 Detecting Duplicate Parameter Names | p. 214 |
| Recipe 5-12 Detecting Parameter Payload Size Anomalies | p. 216 |
| Recipe 5-13 Detecting Parameter Character Class Anomalies | p. 219 |
| 6 Response Data Analysis | p. 223 |
| Recipe 6-1 Detecting Response Header Anomalies | p. 224 |
| Recipe 6-2 Detecting Response Header Information Leakages | p. 234 |
| Recipe 6-3 Response Body Access | p. 238 |
| Recipe 6-4 Detecting Page Title Changes | p. 240 |
| Recipe 6-5 Detecting Page Size Deviations | p. 243 |
| Recipe 6-6 Detecting Dynamic Content Changes | p. 246 |
| Recipe 6-7 Detecting Source Code Leakages | p. 249 |
| Recipe 6-8 Detecting Technical Data Leakages | p. 253 |
| Recipe 6-9 Detecting Abnormal Response Time Intervals | p. 256 |
| Recipe 6-10 Detecting Sensitive User Data Leakages | p. 259 |
| Recipe 6-11 Detecting Trojan, Backdoor, and Webshell Access Attempts | p. 262 |
| 7 Defending Authentication | p. 265 |
| Recipe 7-1 Detecting the Submission of Common/Default Usernames | p. 266 |
| Recipe 7-2 Detecting the Submission of Multiple Usernames | p. 269 |
| Recipe 7-3 Detecting Failed Authentication Attempts | p. 272 |
| Recipe 7-4 Detecting a High Rate of Authentication Attempts | p. 274 |
| Recipe 7-5 Normalizing Authentication Failure Details | p. 280 |
| Recipe 7-6 Enforcing Password Complexity | p. 283 |
| Recipe 7-7 Correlating Usernames with SessionIDs | p. 286 |
| 8 Defending Session State | p. 291 |
| Recipe 8-1 Detecting Invalid Cookies | p. 291 |
| Recipe 8-2 Detecting Cookie Tampering | p. 297 |
| Recipe 8-3 Enforcing Session Timeouts | p. 302 |
| Recipe 8-4 Detecting Client Source Location Changes During Session Lifetime | p. 307 |
| Recipe 8-5 Detecting Browser Fingerprint Changes During Sessions | p. 314 |
| 9 Preventing Application Attacks | p. 323 |
| Recipe 9-1 Blocking Non-ASCII Characters | p. 323 |
| Recipe 9-2 Preventing Path-Traversal Attacks | p. 327 |
| Recipe 9-3 Preventing Forceful Browsing Attacks | p. 330 |
| Recipe 9-4 Preventing SQL Injection Attacks | p. 332 |
| Recipe 9-5 Preventing Remote File Inclusion (RFI) Attacks | p. 336 |
| Recipe 9-6 Preventing OS Commanding Attacks | p. 340 |
| Recipe 9-7 Preventing HTTP Request Smuggling Attacks | p. 342 |
| Recipe 9-8 Preventing HTTP Response Splitting Attacks | p. 345 |
| Recipe 9-9 Preventing XML Attacks | p. 347 |
| 10 Preventing Client Attacks | p. 353 |
| Recipe 10-1 Implementing Content Security Policy (CSP) | p. 353 |
| Recipe 10-2 Preventing Cross-Site Scripting (XSS) Attacks | p. 362 |
| Recipe 10-3 Preventing Cross-Site Request Forgery (CSRF) Attacks | p. 371 |
| Recipe 10-4 Preventing UI Redressing (Clickjacking) Attacks | p. 377 |
| Recipe 10-5 Detecting Banking Trojan (Man-in-the-Browser) Attacks | p. 381 |
| 11 Defending File Uploads | p. 387 |
| Recipe 11-1 Detecting Large File Sizes | p. 387 |
| Recipe 11-2 Detecting a Large Number of Files | p. 389 |
| Recipe 11-3 Inspecting File Attachments for Malware | p. 390 |
| 12 Enforcing Access Rate and Application Flows | p. 395 |
| Recipe 12-1 Detecting High Application Access Rates | p. 395 |
| Recipe 12-2 Detecting Request/Response Delay Attacks | p. 405 |
| Recipe 12-3 Identifying Inter-Request Time Delay Anomalies | p. 411 |
| Recipe 12-4 Identifying Request Flow Anomalies | p. 413 |
| Recipe 12-5 Identifying a Significant Increase in Resource Usage | p. 414 |
| III Tactical Response | p. 419 |
| 13 Passive Response Actions | p. 421 |
| Recipe 13-1 Tracking Anomaly Scores | p. 421 |
| Recipe 13-2 Trap and Trace Audit Logging | p. 427 |
| Recipe 13-3 Issuing E-mail Alerts | p. 428 |
| Recipe 13-4 Data Sharing with Request Header Tagging | p. 436 |
| 14 Active Response Actions | p. 441 |
| Recipe 14-1 Using Redirection to Error Pages | p. 442 |
| Recipe 14-2 Dropping Connections | p. 445 |
| Recipe 14-3 Blocking the Client Source Address | p. 447 |
| Recipe 14-4 Restricting Geolocation Access Through Defense Condition (DefCon) Level Changes | p. 452 |
| Recipe 14-5 Forcing Transaction Delays | p. 455 |
| Recipe 14-6 Spoofing Successful Attacks | p. 462 |
| Recipe 14-7 Proxying Traffic to Honeypots | p. 468 |
| Recipe 14-8 Forcing an Application Logout | p. 471 |
| Recipe 14-9 Temporarily Locking Account Access | p. 476 |
| 15 Intrusive Response Actions | p. 479 |
| Recipe 15-1 JavaScript Cookie Testing | p. 479 |
| Recipe 15-2 Validating Users with CAPTCHA Testing | p. 481 |
| Recipe 15-3 Hooking Malicious Clients with BeEF | p. 485 |
| Index | p. 495 |
