Security De-Engineering

by Ian Tibble
December 2011
Content level: Intermediate to advanced
332 pages
9h 15m
English
Auerbach Publications
Content preview from Security De-Engineering
trusted to handle the assessment, and false positives will be produced
that will need later analysis by a technical expert.
Some tools can detect a blatant cross-site scripting problem where
the submitted marked up attack string is returned in the “next page”
generated by the application, but the malevolent user input can be
“stored” in many places in the application output, such as in logs or
alert messages, or emails sent out by the application.
Generally speaking, there is slightly more advantage to be gained
in usage of Web autoscanners as compared with autoscanners, but in
terms of business-critical Web applications, it comes nowhere near the
level sufficient for organizations to be able to avoid usage of Hac

Publisher Resources

ISBN: 9781439868355