Skip to Content
Security De-Engineering
book

Security De-Engineering

by Ian Tibble
December 2011
Intermediate to advanced content levelIntermediate to advanced
332 pages
9h 15m
English
Auerbach Publications
Content preview from Security De-Engineering
174 Security De-engineering
testing, I recall a case with an online gambling rm in Hong Kong.
From Google searches and “whois” Internet domain registration infor-
mation, the client owned at least two class C (up to 253 individual
host IP addresses) address ranges but limited the testing to 10 “live” IP
addresses. e 10 targets given were purely Webservers for which the
client’s rewall exposed only ports 80 and 443, and the TSAP Hackers
did nd some X-site scripting, server-side parameter validation prob-
lems, plus a glaring Structured Query Language (SQL) injection issue.
Additionally though, in the initial port scan, it was clear that there
were other live IP addresses (outside of the testing range) with “visible”
listening services.  ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Advanced Persistent Threat

Advanced Persistent Threat

Eric Cole
Point & Click OpenOffice.org!

Point & Click OpenOffice.org!

Robin ‘Roblimo’ Miller

Publisher Resources

ISBN: 9781439868355