Chapter 2
Vulnerability Identification and Remediation
You can be sure of succeeding in your attacks if you only attack places which are undefended. You can ensure the safety of your defense if you only hold positions that cannot be attacked.
—Sun Tzu in The Art of War
Do you know if any vulnerabilities exist within your web applications? Odds are they do. Even more worrisome is the fact that attackers are relentlessly looking to find and exploit them. You may think that your web application has no perceived value to attackers and thus that you are not a potential target, but you would be wrong. Every web application has value for some criminal element. Identity theft and fraud syndicates value your customers’ credit card data, which is often improperly stored in e-commerce sites. Malware groups target your large customer base for infection and want to use your site as a distribution platform. Hacktivists may want to knock your site offline with a denial-of-service attack. These diverse groups have equally diverse end goals, but they all share the common methodology of relentlessly enumerating and exploiting weaknesses in target web infrastructures.
With this realization as a backdrop, the most prudent course of action becomes finding and fixing all your vulnerabilities before the bad guys do. The builder, breaker, and defender communities all use different methods and tools to identify web application vulnerabilities, each with varying degrees of accuracy and coverage. ...