Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions
Description
Lock down next-generation Web services
"This book concisely identifies the types of attacks which are faced daily
by Web 2.0 sites, and the authors give solid, practical advice on how to
identify and mitigate these threats." --Max Kelly, CISSP, CIPP, CFCE, Senior
Director of Security, Facebook
Protect your Web 2.0 architecture against the latest wave of cybercrime
using expert tactics from Internet security professionals. Hacking Exposed
Web 2.0 shows how hackers perform reconnaissance, choose their entry
point, and attack Web 2.0-based services, and reveals detailed countermeasures
and defense techniques. You'll learn how to avoid injection and buffer
overflow attacks, fix browser and plug-in flaws, and secure AJAX, Flash, and
XML-driven applications. Real-world case studies illustrate social networking
site weaknesses, cross-site attack methods, migration vulnerabilities, and IE7
shortcomings.
Plug security holes in Web 2.0 implementations the proven Hacking Exposed way
Learn how hackers target and abuse vulnerable Web 2.0 applications, browsers, plug-ins, online databases, user inputs, and HTML forms
Prevent Web 2.0-based SQL, XPath, XQuery, LDAP, and command injection attacks
Circumvent XXE, directory traversal, and buffer overflow exploits
Learn XSS and Cross-Site Request Forgery methods attackers use to bypass browser security controls
Fix vulnerabilities in Outlook Express and Acrobat Reader add-ons
Use input validators and XML classes to reinforce ASP and .NET security
Eliminate unintentional exposures in ASP.NET AJAX (Atlas), Direct Web Remoting, Sajax, and GWT Web applications
Mitigate ActiveX security exposures using SiteLock, code signing, and secure controls
Find and fix Adobe Flash vulnerabilities and DNS rebinding attacks
Table of Contents
Foreword
Acknowledgments
Introduction
Part I: Attacking Web 2.0
Chapter 1. Common Injection Attacks
Chapter 2. Cross-Site Scripting
Part II: Next Generation Web Application Attacks
Chapter 3. Cross-Domain Attacks
Chapter 4. Malicious JavaScript and AJAX
Chapter 5. .NET Security
Part III: AJAX
Chapter 6. AJAX Types, Discovery, and Parameter Manipulation
Chapter 7. AJAX Framework Exposures
Part IV: Thick Clients
Chapter 8. ActiveX Security
Chapter 9. Attacking Flash Applications
Index