Title:
Hacking exposed web 2.0 : web 2.0 security secrets and solutions
Publication Information:
New York : McGraw-Hill, 2008
Physical Description:
xxvi, 258 p. : ill. ; 23 cm.
ISBN:
9780071494618

Available:

Item Barcode: 30000010191165
Call Number: TK5105.59 C36 2008
Material Type: Open Access Book
Item Category 1: Book

On Order

Summary



Lock down next-generation Web services

"This book concisely identifies the types of attacks which are faced daily by Web 2.0 sites, and the authors give solid, practical advice on how to identify and mitigate these threats." --Max Kelly, CISSP, CIPP, CFCE, Senior Director of Security, Facebook

Protect your Web 2.0 architecture against the latest wave of cybercrime using expert tactics from Internet security professionals. Hacking Exposed Web 2.0 shows how hackers perform reconnaissance, choose their entry point, and attack Web 2.0-based services, and reveals detailed countermeasures and defense techniques. You'll learn how to avoid injection and buffer overflow attacks, fix browser and plug-in flaws, and secure AJAX, Flash, and XML-driven applications. Real-world case studies illustrate social networking site weaknesses, cross-site attack methods, migration vulnerabilities, and IE7 shortcomings.

Plug security holes in Web 2.0 implementations the proven Hacking Exposed way:

Learn how hackers target and abuse vulnerable Web 2.0 applications, browsers, plug-ins, online databases, user inputs, and HTML forms
Prevent Web 2.0-based SQL, XPath, XQuery, LDAP, and command injection attacks
Circumvent XXE, directory traversal, and buffer overflow exploits
Learn XSS and Cross-Site Request Forgery methods attackers use to bypass browser security controls
Fix vulnerabilities in Outlook Express and Acrobat Reader add-ons
Use input validators and XML classes to reinforce ASP and .NET security
Eliminate unintentional exposures in ASP.NET AJAX (Atlas), Direct Web Remoting, Sajax, and GWT Web applications
Mitigate ActiveX security exposures using SiteLock, code signing, and secure controls
Find and fix Adobe Flash vulnerabilities and DNS rebinding attacks




Author Notes

Rich Cannings is a senior information security engineer at Google.

Himanshu Dwivedi is a founding partner of iSEC Partners, an information security organization, and the author of several security books.

Zane Lackey is a senior security consultant with iSEC Partners.


Reviews

Choice Review

Information security specialists Cannings (Google) and Dwivedi and Lackey (both, iSEC Partners) provide a lively, interesting collection of stories and exploits that exist in the current atmosphere of the Web. The topics include injection attacks, cookie security issues, phishing, cross-domain scripting, and malicious code embedding, and the book addresses all of the major platforms and issues from Flash to Internet Explorer. Each section takes an unabashed look at either a specific vulnerability or a specific exploit without flinching from the actual code and technical issues. This is an excellent work for Web designers and security experts, but it requires familiarity with programming in general and the ability to read code. An exceptionally well-written section of this savvy book addresses the MySpace Samy worm, covering the reasoning all the way through the execution and deconstruction of how the attack was implemented. This is a sharp reminder that security professionals need to think like outlaws to keep the borders secure. The security expertise in this book is evident and much needed, but readers are never just left in the dust as long as they can meet the authors at the foundational level. Summing Up: Recommended. Upper-division undergraduates through professionals. --T. D. Richardson, South University


Table of Contents

Foreword
Acknowledgments
Introduction
Part I Attacking Web 2.0
Chapter 1 Common Injection Attacks
Chapter 2 Cross-Site Scripting
Part II Next Generation Web Application Attacks
Chapter 3 Cross-Domain Attacks
Chapter 4 Malicious JavaScript and AJAX
Chapter 5 .NET Security
Part III AJAX
Chapter 6 AJAX Types, Discovery, and Parameter Manipulation
Chapter 7 AJAX Framework Exposures
Part IV Thick Clients
Chapter 8 ActiveX Security
Chapter 9 Attacking Flash Applications
Index