Buy The Web Application Hacker's Handbook at Bookstore UAE
Logo1
close menu
Bookswagon
search
My Account
Home icon Home
Account Icon Account
Wishlist Icon Wishlist
Cart Icon Cart
humburger icon Categories
Book 1
Book 2
Book 3
Book 1
Book 2
Book 3
Book 1
Book 2
Book 3
Book 1
Book 2
Book 3
Home > Computing and Information Technology > Computer networking and communications > Network security > The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws


     0     
5
4
3
2
1
Write Reviews


Available


X

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
Finding and Exploiting Security Flaws
Format: Paperback

About the Book

The highly successful security book returns with a new edition, completely updated

Web applications are the front door to most organizations, exposing them to attacks that may disclose personal information, execute fraudulent transactions, or compromise ordinary users. This practical book has been completely updated and revised to discuss the latest step-by-step techniques for attacking and defending the range of ever-evolving web applications. You'll explore the various new technologies employed in web applications that have appeared since the first edition and review the new attack techniques that have been developed, particularly in relation to the client side.

  • Reveals how to overcome the new technologies and techniques aimed at defending web applications against attacks that have appeared since the previous edition
  • Discusses new remoting frameworks, HTML5, cross-domain integration techniques, UI redress, framebusting, HTTP parameter pollution, hybrid file attacks, and more
  • Features a companion web site hosted by the authors that allows readers to try out the attacks described, gives answers to the questions that are posed at the end of each chapter, and provides a summarized methodology and checklist of tasks

Focusing on the areas of web application security where things have changed in recent years, this book is the most current resource on the critical topic of discovering, exploiting, and preventing web application security flaws.




Table of Contents:

Introduction xxiii

Chapter 1 Web Application (In)security 1

The Evolution of Web Applications 2

Web Application Security 6

Summary 15

Chapter 2 Core Defense Mechanisms 17

Handling User Access 18

Handling User Input 21

Handling Attackers 30

Managing the Application 35

Summary 36

Questions 36

Chapter 3 Web Application Technologies 39

The HTTP Protocol 39

Web Functionality 51

Encoding Schemes 66

Next Steps 70

Questions 71

Chapter 4 Mapping the Application 73

Enumerating Content and Functionality 74

Analyzing the Application 97

Summary 114

Questions 114

Chapter 5 Bypassing Client-Side Controls 117

Transmitting Data Via the Client 118

Capturing User Data: HTML Forms 127

Capturing User Data: Browser Extensions 133

Handling Client-Side Data Securely 154

Summary 156

Questions 157

Chapter 6 Attacking Authentication 159

Authentication Technologies 160

Design Flaws in Authentication Mechanisms 161

Implementation Flaws in Authentication 185

Securing Authentication 191

Summary 201

Questions 202

Chapter 7 Attacking Session Management 205

The Need for State 206

Weaknesses in Token Generation 210

Weaknesses in Session Token Handling 233

Securing Session Management 248

Summary 254

Questions 255

Chapter 8 Attacking Access Controls 257

Common Vulnerabilities 258

Attacking Access Controls 266

Securing Access Controls 278

Summary 284

Questions 284

Chapter 9 Attacking Data Stores 287

Injecting into Interpreted Contexts 288

Injecting into SQL 291

Injecting into NoSQL 342

Injecting into XPath 344

Injecting into LDAP 349

Summary 354

Questions 354

Chapter 10 Attacking Back-End Components 357

Injecting OS Commands 358

Manipulating File Paths 368

Injecting into XML Interpreters 383

Injecting into Back-end HTTP Requests 390

Injecting into Mail Services 397

Summary 402

Questions 403

Chapter 11 Attacking Application Logic 405

The Nature of Logic Flaws 406

Real-World Logic Flaws 406

Avoiding Logic Flaws 428

Summary 429

Questions 430

Chapter 12 Attacking Users: Cross-Site Scripting 431

Varieties of XSS 433

XSS Attacks in Action 442

Finding and Exploiting XSS Vulnerabilities 451

Preventing XSS Attacks 492

Summary 498

Questions 498

Chapter 13 Attacking Users: Other Techniques 501

Inducing User Actions 501

Capturing Data Cross-Domain 515

The Same-Origin Policy Revisited 524

Other Client-Side Injection Attacks 531

Local Privacy Attacks 550

Attacking ActiveX Controls 555

Attacking the Browser 559

Summary 568

Questions 568

Chapter 14 Automating Customized Attacks 571

Uses for Customized Automation 572

Enumerating Valid Identifiers 573

Harvesting Useful Data 583

Fuzzing for Common Vulnerabilities 586

Putting It All Together: Burp Intruder 590

Barriers to Automation 602

Summary 613

Questions 613

Chapter 15 Exploiting Information Disclosure 615

Exploiting Error Messages 615

Gathering Published Information 625

Using Inference 626

Preventing Information Leakage 627

Summary 629

Questions 630

Chapter 16 Attacking Native Compiled Applications 633

Buffer Overflow Vulnerabilities 634         

Integer Vulnerabilities 640

Format String Vulnerabilities 643

Summary 645

Questions 645

Chapter 17 Attacking Application Architecture 647

Tiered Architectures 647

Shared Hosting and Application Service Providers 656

Summary 667

Questions 667

Chapter 18 Attacking the Application Server 669

Vulnerable Server Configuration 670

Vulnerable Server Software 684

Web Application Firewalls 697

Summary 699

Questions 699

Chapter 19 Finding Vulnerabilities in Source Code 701

Approaches to Code Review 702

Signatures of Common Vulnerabilities 704

The Java Platform 711

ASP.NET 718

PHP 724

Perl 735

JavaScript 740

Database Code Components 741

Tools for Code Browsing 743

Summary 744

Questions 744

Chapter 20 A Web Application Hacker’s Toolkit 747

Web Browsers 748

Integrated Testing Suites 751

Standalone Vulnerability Scanners 773

Other Tools 785

Summary 789

Chapter 21 A Web Application Hacker’s Methodology 791

General Guidelines 793

1 Map the Application’s Content 795

2 Analyze the Application 798

3 Test Client-Side Controls 800

4 Test the Authentication Mechanism 805

5 Test the Session Management Mechanism 814

6 Test Access Controls 821

7 Test for Input-Based Vulnerabilities 824

8 Test for Function-Specific Input Vulnerabilities 836

9 Test for Logic Flaws 842

10 Test for Shared Hosting Vulnerabilities 845

11 Test for Application Server Vulnerabilities 846

12 Miscellaneous Checks 849

13 Follow Up Any Information Leakage 852

Index 853



About the Author :
DAFYDD STUTTARD is an independent security consultant, author, and software developer specializing in penetration testing of web applications and compiled software. Under the alias PortSwigger, Dafydd created the popular Burp Suite of hacking tools.

MARCUS PINTO delivers security consultancy and training on web application attack and defense to leading global organizations in the financial, government, telecom, gaming, and retail sectors.
The authors cofounded MDSec, a consulting company that provides training in attack and defense-based security.

Best Sellers

See All
Too Good To Be True
Quick View

Too Good To Be True Prajakta Koli

4.3 (6)

AED33

Thank You for Leaving
Quick View

Thank You for Leaving Rithvik Singh

2 (5)

AED36

Atomic Habits (EXP)
Quick View

Atomic Habits (EXP) James Clear

No Review Yet

AED101

My First Library: Boxset of 10 Board Books for Kids
Quick View

My First Library: Boxset of 10 Board Books for Kids

4.1 (8)

AED66

Dopamine Detox
Quick View

Dopamine Detox Thibaut Meurisse

No Review Yet

AED35

Money Myths and Mantras
Quick View

Money Myths and Mantras Devina Mehra

4.7 (3)

AED48

Meditations
Quick View

Meditations Marcus Aurelius

4.3 (6)

AED43

Harry Potter Box Set: The Complete Collection (Children’s Paperback)
Quick View

Harry Potter Box Set: The Complete Collection (Children’s Paperback) J.K. Rowling

4.3 (8)

AED246

Atomic Habits
Quick View

Atomic Habits James Clear

4.6 (5)

AED62

The Art of Being Alone
Quick View

The Art of Being Alone Renuka Gavrani

5 (6)

AED47

Animals Tales From Panchtantra: Timeless Stories For Children From Ancient India
Quick View

Animals Tales From Panchtantra: Timeless Stories For Children From Ancient India

4.5 (10)

AED47

My First Book of Patterns Pencil Control: Patterns Practice book for kids (Pattern Writing)
Quick View

My First Book of Patterns Pencil Control: Patterns Practice book for kids (Pattern Writing)

4.6 (8)

AED21

Product Details
  • ISBN-13: 9781118026472
  • Publisher: John Wiley & Sons Inc
  • Publisher Imprint: John Wiley & Sons Inc
  • Height: 231 mm
  • No of Pages: 912
  • Returnable: N
  • Sub Title: Finding and Exploiting Security Flaws
  • Width: 188 mm
  • ISBN-10: 1118026470
  • Publisher Date: 07 Oct 2011
  • Binding: Paperback
  • Language: English
  • Returnable: N
  • Spine Width: 48 mm
  • Weight: 1686 gr

Similar Products

Add Photo
Add Photo

Customer Reviews

REVIEWS      0     
Click Here To Be The First to Review this Product
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
John Wiley & Sons Inc -
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
Writing guidlines
We want to publish your review, so please:
  • keep your review on the product. Review's that defame author's character will be rejected.
  • Keep your review focused on the product.
  • Avoid writing about customer service. contact us instead if you have issue requiring immediate attention.
  • Refrain from mentioning competitors or the specific price you paid for the product.
  • Do not include any personally identifiable information, such as full names.

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws

Required fields are marked with *

Review Title*
Review
    Add Photo Add up to 6 photos
    Would you recommend this product to a friend?
    Tag this Book Read more
    Does your review contain spoilers?
    What type of reader best describes you?
    I agree to the terms & conditions
    You may receive emails regarding this submission. Any emails will include the ability to opt-out of future communications.

    CUSTOMER RATINGS AND REVIEWS AND QUESTIONS AND ANSWERS TERMS OF USE

    These Terms of Use govern your conduct associated with the Customer Ratings and Reviews and/or Questions and Answers service offered by Bookswagon (the "CRR Service").


    By submitting any content to Bookswagon, you guarantee that:
    • You are the sole author and owner of the intellectual property rights in the content;
    • All "moral rights" that you may have in such content have been voluntarily waived by you;
    • All content that you post is accurate;
    • You are at least 13 years old;
    • Use of the content you supply does not violate these Terms of Use and will not cause injury to any person or entity.
    You further agree that you may not submit any content:
    • That is known by you to be false, inaccurate or misleading;
    • That infringes any third party's copyright, patent, trademark, trade secret or other proprietary rights or rights of publicity or privacy;
    • That violates any law, statute, ordinance or regulation (including, but not limited to, those governing, consumer protection, unfair competition, anti-discrimination or false advertising);
    • That is, or may reasonably be considered to be, defamatory, libelous, hateful, racially or religiously biased or offensive, unlawfully threatening or unlawfully harassing to any individual, partnership or corporation;
    • For which you were compensated or granted any consideration by any unapproved third party;
    • That includes any information that references other websites, addresses, email addresses, contact information or phone numbers;
    • That contains any computer viruses, worms or other potentially damaging computer programs or files.
    You agree to indemnify and hold Bookswagon (and its officers, directors, agents, subsidiaries, joint ventures, employees and third-party service providers, including but not limited to Bazaarvoice, Inc.), harmless from all claims, demands, and damages (actual and consequential) of every kind and nature, known and unknown including reasonable attorneys' fees, arising out of a breach of your representations and warranties set forth above, or your violation of any law or the rights of a third party.


    For any content that you submit, you grant Bookswagon a perpetual, irrevocable, royalty-free, transferable right and license to use, copy, modify, delete in its entirety, adapt, publish, translate, create derivative works from and/or sell, transfer, and/or distribute such content and/or incorporate such content into any form, medium or technology throughout the world without compensation to you. Additionally,  Bookswagon may transfer or share any personal information that you submit with its third-party service providers, including but not limited to Bazaarvoice, Inc. in accordance with  Privacy Policy


    All content that you submit may be used at Bookswagon's sole discretion. Bookswagon reserves the right to change, condense, withhold publication, remove or delete any content on Bookswagon's website that Bookswagon deems, in its sole discretion, to violate the content guidelines or any other provision of these Terms of Use.  Bookswagon does not guarantee that you will have any recourse through Bookswagon to edit or delete any content you have submitted. Ratings and written comments are generally posted within two to four business days. However, Bookswagon reserves the right to remove or to refuse to post any submission to the extent authorized by law. You acknowledge that you, not Bookswagon, are responsible for the contents of your submission. None of the content that you submit shall be subject to any obligation of confidence on the part of Bookswagon, its agents, subsidiaries, affiliates, partners or third party service providers (including but not limited to Bazaarvoice, Inc.)and their respective directors, officers and employees.

    Accept

    See All

    Inspired by your browsing history


    Your review has been submitted!

    You've already reviewed this product!
    Hello, User