book

Penetration Testing and Network Defense

by Andrew Whitaker, Daniel P. Newman

October 2005

Intermediate to advanced

624 pages

15h 47m

English

Cisco Press

Read now

Unlock full access

Who Should Read this BookEthical ConsiderationsHow This Book Is Organized
Defining Penetration TestingAssessing the Need for Penetration TestingAttack StagesChoosing a Penetration Testing VendorPreparing for the TestSummary
Ethics of Penetration TestingLawsLoggingTo Fix or Not to FixSummary
Step-by-Step PlanOpen-Source Security Testing Methodology ManualDocumentationSummary
Human PsychologyWhat It Takes to Be a Social EngineerFirst Impressions and the Social EngineerTech Support ImpersonationThird-Party ImpersonationE-Mail ImpersonationEnd User ImpersonationCustomer ImpersonationReverse Social EngineeringProtecting Against Social EngineeringCase StudySummary
Passive Host ReconnaissanceActive Host ReconnaissancePort ScanningNMapDetecting a ScanCase StudySummary
Defining Session HijackingToolsBeware of ACK StormsKevin Mitnick’s Session Hijack AttackDetecting Session HijackingProtecting Against Session HijackingCase StudySummaryResources
Understanding Web LanguagesWebsite ArchitectureE-Commerce ArchitectureWeb Page SpoofingCookie GuessingBrute Force AttacksToolsDetecting Web AttacksProtecting Against Web AttacksCase StudySummary
Defining DatabasesTesting Database VulnerabilitiesSecuring Your SQL ServerDetecting Database AttacksProtecting Against Database AttacksCase StudySummaryReferences and Further Reading
Password HashingPassword-Cracking ToolsDetecting Password CrackingProtecting Against Password CrackingCase StudySummary
Bypassing FirewallsEvading Intruder Detection SystemsTesting Routers for VulnerabilitiesTesting Switches for VulnerabilitiesSecuring the NetworkCase StudySummary
History of Wireless NetworksAntennas and Access PointsWireless Security TechnologiesWar DrivingToolsDetecting Wireless AttacksCase StudySummary
Trojans, Viruses, and Backdoor ApplicationsCommon Viruses and WormsTrojans and BackdoorsDetecting Trojans and Backdoor ApplicationsPreventionCase StudySummary
General ScannersUNIX Permissions and Root AccessMicrosoft Security Models and ExploitsNovell Server Permissions and VulnerabilitiesDetecting Server AttacksPreventing Server AttacksCase StudySummary
Memory ArchitectureBuffer Overflow ExamplesPreventing Buffer OverflowsCase StudySummary
Types of DoS AttacksTools for Executing DoS AttacksDetecting DoS AttacksPreventing DoS AttacksCase StudySummary
Case Study: LCN Gets TestedDAWN Security
What Is a Security Policy?Risk AssessmentBasic Policy RequirementsSecurity Policy Implementation and ReviewPreparing a Security Policy in Ten Basic StepsReference Links
Performing Host Reconnaissance (Chapter 5)Understanding and Attempting Session Hijacking (Chapter 6)Performing Web-Server Attacks (Chapter 7)Performing Database Attacks (Chapter 8)Cracking Passwords (Chapter 9)Attacking the Network (Chapter 10)Scanning and Penetrating Wireless Networks (Chapter 11)Using Trojans and Backdoor Applications (Chapter 12)Penetrating UNIX, Microsoft, and Novell Servers (Chapter 13)Understanding and Attempting Buffer Overflows (Chapter 14)Denial-of-Service Attacks (Chapter 15)

Content preview from Penetration Testing and Network Defense

Chapter 7. Performing Web Server Attacks

Everyone is a moon and has a dark side which he never shows to anybody.

—Mark Twain

It is no longer necessary to drive down to the local mall to shop for goods; now, shoppers can buy virtually anything online. Groceries, hard-to-find collectibles, cars, electronics, and books—the list is endless as to what you can buy on the World Wide Web. Yet this ease of shopping comes at the expense of increased security concerns. Although the security risks of shopping online are really no greater than those of shopping in person, the appeal of online attacks is greater for the potential thief. Now a malicious hacker can attack from the safety of his own home and go virtually undetected. Web hacking is also attractive ...