Developer's Guide to Web Application Security

Book description

Over 75% of network attacks are targeted at the web application layer. This book provides explicit hacks, tutorials, penetration tests, and step-by-step demonstrations for security professionals and Web application developers to defend their most vulnerable applications.

This book defines Web application security, explains why it should be addressed earlier in the lifecycle, during development and quality assurance, and shows how it differs from other types of Internet security. Additionally, the book examines the procedures and technologies that are essential to developing, penetration testing and releasing a secure Web application. Through a review of recent Web application breaches, the book exposes the prolific methods hackers use to execute Web attacks using common vulnerabilities such as SQL Injection, Cross-Site Scripting and Buffer Overflows in the application layer. By taking an in-depth look at the techniques hackers use to exploit Web applications, readers will be better equipped to protect confidential.
  • The Yankee Group estimates the market for Web application-security products and services will grow to $1.74 billion by 2007 from $140 million in 2002
  • Author Michael Cross is a highly sought-after speaker who regularly delivers Web application security presentations at leading conferences including Black Hat, TechnoSecurity, CanSecWest, ShmooCon, Information Security, RSA Conference, and more

Table of contents

  1. Front Cover
  2. Developer's Guide to Web Application Security
  3. Copyright Page
  4. Contents
  5. Chapter 1. Hacking Methodology
    1. Introduction
    2. A Brief History of Hacking
    3. What Motivates a Hacker?
    4. Understanding Current Attack Types
    5. Recognizing Web Application Security Threats
    6. Preventing Break-Ins by Thinking like a Hacker
    7. Summary
    8. Solutions Fast Track
    9. Frequently Asked Questions
  6. Chapter 2. How to Avoid Becoming a Code Grinder
    1. Introduction
    2. What Is a Code Grinder?
    3. Thinking Creatively when Coding
    4. Security from the Perspective of a Code Grinder
    5. Building Functional and Secure Web Applications
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  7. Chapter 3. Understanding the Risk Associated with Mobile Code
    1. Introduction
    2. Recognizing the Impact of Mobile Code Attacks
    3. Identifying Common Forms of Mobile Code
    4. Protecting Your System from Mobile Code Attacks
    5. Summary
    6. Solutions Fast Track
    7. Frequently Asked Questions
  8. Chapter 4. Vulnerable CGI Scripts
    1. Introduction
    2. What Is a CGI Script, and What Does It Do?
    3. Break-Ins Resulting from Weak CGI Scripts
    4. Languages for Writing CGI Scripts
    5. Advantages of Using CGI Scripts
    6. Rules for Writing Secure CGI Scripts
    7. Summary
    8. Solutions Fast Track
    9. Frequently Asked Questions
  9. Chapter 5. Hacking Techniques and Tools
    1. Introduction
    2. A Hacker’s Goals
    3. The Five Phases of Hacking
    4. Defacing Web Sites
    5. Social Engineering
    6. The Intentional “Back Door” Attack
    7. Exploiting Inherent Weaknesses in Code or Programming Environments
    8. The Tools of the Trade
    9. Summary
    10. Solutions Fast Track
    11. Frequently Asked Questions
  10. Chapter 6. Code Auditing and Reverse Engineering
    1. Introduction
    2. How to Efficiently Trace through a Program
    3. Auditing and Reviewing Selected Programming Languages
    4. Looking for Vulnerabilities
    5. Pulling It All Together
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  11. Chapter 7. Securing Your Java Code
    1. Introduction
    2. Overview of the Java Security Architecture
    3. How Java Handles Security
    4. Potential Weaknesses in Java
    5. Coding Functional but Secure Java Applets
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  12. Chapter 8. Securing XML
    1. Introduction
    2. Defining XML
    3. Creating Web Applications Using XML
    4. The Risks Associated with Using XML
    5. Securing XML
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  13. Chapter 9. Building Safe ActiveX Internet Controls
    1. Introduction
    2. Dangers Associated with Using ActiveX
    3. Methodology for Writing Safe ActiveX Controls
    4. Securing ActiveX Controls
    5. Summary
    6. Solutions Fast Track
    7. Frequently Asked Questions
  14. Chapter 10. Securing ColdFusion
    1. Introduction
    2. How Does ColdFusion Work?
    3. Preserving ColdFusion Security
    4. ColdFusion Application Processing
    5. Risks Associated with Using ColdFusion
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  15. Chapter 11. Developing Security-Enabled Applications
    1. Introduction
    2. The Benefits of Using Security-Enabled Applications
    3. Types of Security Used in Applications
    4. Reviewing the Basics of PKI
    5. Using PKI to Secure Web Applications
    6. Implementing PKI in Your Web Infrastructure
    7. Testing Your Security Implementation
    8. Summary
    9. Solutions Fast Track
    10. Frequently Asked Questions
  16. Chapter 12. Cradle to Grave: Working with a Security Plan
    1. Introduction
    2. Examining Your Code
    3. Being Aware of Code Vulnerabilities
    4. Using Common Sense when Coding
    5. Creating a Security Plan
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  17. Index

Product information

  • Title: Developer's Guide to Web Application Security
  • Author(s): Michael Cross
  • Release date: April 2011
  • Publisher(s): Syngress
  • ISBN: 9780080504094