December 2012
Intermediate to advanced
552 pages
13h 16m
English
Content preview from Web Application Defender's Cookbook
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Chapter 15
Intrusive Response Actions
Ground on which we can only be saved from destruction by fighting without delay is desperate ground.
—Sun Tzu in The Art of War
The first two chapters in Part III provide a wide range of response actions that you may use in various situations. These responses, however, act upon requests that attackers send to our web applications. In this final chapter of the book, we offer some options for taking the battle to the attacker. Specifically, we will target real users who attack our web application using a web browser as a client. If the attacker is using a real web browser to interact with our web application, we leverage this fact to our advantage. The actions presented in these final recipes are intrusive in nature because we send back executable code to the attacker’s web browser. This allows us to gather more information about the attacker’s computer, network, and physical location or even prevent further attacks.