book

Web Security

Name: Web Security
Author: Hanqing Wu
ISBN: 9781498760232

by Hanqing Wu

April 2015

Intermediate to advanced

532 pages

13h 4m

English

Auerbach Publications

Read now

Unlock full access

Foreword
Preface
MY JOURNEY INTO THE SECURITY WORLDJoining AlibabaReflections on Network SecuritySecurity EnlightenmentAbout White HatStructure of This BookAcknowledgments
Authors
Section I - Our View of the Security World
Chapter 1 - View of the IT Security World
1.1 Brief History of Web Security1.1.1 Brief History of Chinese Hackers1.1.2 Development Process of Hacking Techniques1.1.3 Rise of Web Security1.2 Black Hat, White Hat1.3 Back to Nature: The Essence of Secret Security1.4 Superstition: There Is No Silver Bullet1.4.1 Security: An Ongoing Process1.5 Security Elements1.6 How to Implement Safety Assessment1.6.1 Asset Classification1.6.2 Threat Analysis1.6.3 Risk Analysis1.6.4 Design of Security Programs1.7 Art of War FOR White Hat1.7.1 Principle of Secure by Default1.7.1.1 Blacklist, Whitelist1.7.1.2 Principle of Least Privilege1.7.2 Principle of Defense in Depth1.7.3 Principles of Data and Code Separation1.7.4 Unpredictability of the Principles1.8 Summary1.A AppendixWho Will Pay for Vulnerability?
Section II - Safety on the Client Script
Chapter 2 - Security of Browser
2.1 Same-Origin Policy2.2 SANDBOX BROWSER2.3 Malicious URL Intercept2.4 Rapid Development of Browser Security2.5 Summary
Chapter 3 - Cross-Site Scripting Attack
3.1 Introduction3.1.1 First Type: Reflected XSS3.1.2 Second Type: Stored XSS3.1.3 Third Type: DOM-Based XSS3.2 Advanced XSS Attack3.2.1 Preliminary Study on XSS Pay Load3.2.2 XSS Payload Power3.2.2.1 Structure GET and POST Request3.2.2.2 XSS Phishing3.2.2.3 Identify the User’s Browser3.2.2.4 Identify User-Installed Software3.2.2.5 CSS History Hack3.2.2.6 Get the User’s Real IP Address3.2.3 XSS Attack Platform3.2.3.1 Attack API3.2.3.2 BeEF3.2.3.3 XSS-Proxy3.2.4 Ultimate Weapon: XSS Worm3.2.4.1 Samy Worm3.2.4.2 Baidu Space Worms3.2.5 Debugging JavaScript3.2.5.1 Firebug3.2.5.2 IE 8 Developer Tools3.2.5.3 Fiddler3.2.5.4 HttpWatch3.2.6 Construction Skills of XSS3.2.6.1 Use Character Encoding3.2.6.2 Bypass the Length Limit3.2.6.3 Using <base> Tags3.2.6.4 Magical Effect of window.name3.2.7 Turning Waste into Treasure: Mission Impossible3.2.7.1 Apache Expect Header XSS3.2.7.2 Anehta Boomerang3.2.8 Easily Overlooked Corner: Flash XSS3.2.9 Really Sleep without Any Anxiety: JavaScript Development Framework3.2.9.1 Dojo3.2.9.2 YUI3.2.9.3 jQuery3.3 XSS Defense3.3.1 Skillfully Deflecting the Question: HttpOnly3.3.2 Input Checking3.3.3 Output Checking3.3.3.1 Secure Coding Function3.3.3.2 Only Need One Kind of Coding3.3.4 Defense XSS Correctly Designed3.3.4.1 Output in HTML Attributes3.3.4.2 Output in the Event3.3.4.3 Output in CSS3.3.4.4 Output in Address3.3.5 Dealing with Rich Text3.3.6 Defense DOM-Based XSS3.3.7 See XSS from Another Angle of Risk3.4 Summary
Chapter 4 - Cross-Site Request Forgery
4.1 Introduction4.2 Advanced CSRF4.2.1 Cookie Policy of Browsers4.2.2 Side Effect of P3P Header4.2.3 GET? POST?4.2.4 Flash CSRF4.2.5 CSRF Worm4.3 CSRF DEFENSE4.3.1 Verification Code4.3.2 Referer Check4.3.3 Anti-CSRF Token4.3.3.1 Nature of CSRF4.3.3.2 Token Principles4.4 Summary
Chapter 5 - Clickjacking
5.1 What Is Clickjacking?5.2 Flash Clickjacking5.3 Image-Covering Attacks5.4 Drag Hijacking and Data Theft5.5 Clickjacking 3.0: Tapjacking5.6 Defense against Clickjacking5.6.1 Frame Busting5.6.2 X-Frame-Options5.7 Summary

Chapter 6 - HTML5 Securities
6.1 New Tags of HTML56.1.1 New Tags of XSS6.1.2 iframe Sandbox6.1.3 Link Types: Noreferrer6.1.4 Magical Effect of Canvas6.2 Other Security Problems6.2.1 Cross-Origin Resource Sharing6.2.2 postMessage: Send Message across Windows6.2.3 Web Storage6.3 Summary
Section III - Application Security on the Server Side
Chapter 7 - Injection Attacks
7.1 SQL Injection Attacks7.1.1 Blind Injection7.1.2 Timing Attack7.2 Database Attacking Techniques7.2.1 Common Attack Techniques7.2.2 Command Execution7.2.3 Stored Procedure Attacks7.2.4 Coding Problems7.2.5 SQL Column Truncation7.3 Properly Defending against SQL Injection7.3.1 Using Precompiled Statements7.3.2 Using Stored Procedures7.3.3 Checking the Data Type7.3.4 Using Safety Functions7.4 Other Injection Attacks7.4.1 XML Injection7.4.2 Code Injection7.4.3 CRLF Injection7.5 Summary
Chapter 8 - File Upload Vulnerability
8.1 File Upload Vulnerability Overview8.1.1 FCKEditor File Upload Vulnerability8.1.2 Bypassing the File Upload Check Function8.2 Functionality or Vulnerability8.2.1 Apache File Parsing Problem8.2.2 IIS File Parsing Problem8.2.3 PHP CGI Path Parsing Problem8.2.4 Upload Files Phishing8.3 Designing Secure File Upload Features8.4 Summary
Chapter 9
Authentication and Session Management9.1 Who Am I?9.2 Password9.3 Multifactor Authentication9.4 Session Management and Authentication9.5 Session Fixation Attacks9.6 Session Keep Attack9.7 Single Sign-On9.8 Summary
Chapter 10 - Access Control
10.1 What Can I Do?10.2 Vertical Rights Management10.3 Horizontal Rights Management10.3.1 Unauthorized User Access Problems on youku.com (Vulnerability No. Wooyun-2010-0129)10.3.2 Unauthorized User Access Problems on layifen.com (Loopholes No. Wooyun-2010-01576)10.4 Summary of OAuth10.5 Summary
Chapter 11 - Encryption Algorithms and Random Numbers
11.1 Introduction11.2 Stream Cipher Attack11.2.1 Reused Key Attack11.2.2 Bit-Flipping Attack11.2.3 Issue of Weak Random IV11.3 WEP Crack11.4 ECB Mode Defects11.5 Padding Oracle Attack11.6 Key Management11.7 Problems with a Pseudorandom Number11.7.1 Trouble with a Weak Pseudorandom Number11.7.2 Time Is Really Random11.7.3 Breaking the Pseudorandom Number Algorithm Seed11.7.4 Using Secure Random Numbers11.8 Summary11.A Appendix: Understanding the MD5 Length Extension Attack
Chapter 12 - Web Framework Security
12.1 MVC Framework Security12.2 Template Engine and XSS Defenses12.3 Web Framework and CSRF Defense12.4 HTTP Header Management12.5 Data Persistence Layer and SQL Injection12.6 WHAT MORE CAN WE THINK OF?12.7 Web Framework Self-Security12.7.1 Struts 2 Command Execution Vulnerability12.7.2 Struts 2 Patch12.7.3 Spring MVC Execution Vulnerability12.7.4 Django Execution Vulnerability12.8 Summary
Chapter 13 - Application-Layer Denial-of-Service Attacks
13.1 Introduction to DDoS13.2 Application-Layer DDoS13.2.1 CC Attack13.2.2 Restriction of Request Frequency13.2.3 The Priest Climbs a Post, the Devil Climbs Ten13.3 About Verification Code13.4 DDoS in the Defense Application Layer13.5 Resource Exhaustion Attack13.5.1 Slowloris Attack13.5.2 HTTP POST DOS13.5.3 Server Limit DoS13.6 DOS Caused by Regular Expression: ReDOS13.7 Summary
Chapter 14 - PHP Security
14.1 File Inclusion Vulnerability14.1.1 Local File Inclusion14.1.2 Remote File Inclusion14.1.3 Using Skill of Local File Inclusion14.2 Variable Coverage Vulnerability14.2.1 Global Variable Coverage14.2.2 The extract() Variable Coverage14.2.3 Traversal Initializing Variables14.2.4 The import_request_variables Variable Coverage14.2.5 The parse_str() Variable Coverage14.3 Code Execution Vulnerability14.3.1 “Dangerous Function” Executes the Code14.3.1.1 The phpMyAdmin 3.4.3.1 Remote Code Execution Vulnerability14.3.1.2 MyBB1.4 Remote Code Execution Vulnerability14.3.2 File Writing Code Execution14.3.3 Other Methods of Code Execution14.3.3.1 Functions That Directly Execute Code14.3.3.2 File Inclusion14.3.3.3 Writing in Local File14.3.3.4 Execution of the preg_replace() Code14.3.3.5 Dynamic Function Execution14.3.3.6 Curly Syntax14.3.3.7 Callback Function Execution Code14.3.3.8 Unserialize() Results in Code Execution14.4 Customize Secure PHP Environment14.5 Summary
Chapter 15 - Web Server Configuration Security
15.1 Apache Security15.2 Nginx Security15.3 jBoss Remote Command Execution15.4 Tomcat Remote Command Execution15.5 HTTP Parameter Pollution15.6 Summary
Section IV - Safety Operations of Internet Companies
Chapter 16 - Security of Internet Business
16.1 WHAT KIND OF SECURITY DO PRODUCTS REQUIRE?16.1.1 Security Requirements of Internet Products16.1.2 What Is a Good Security Program?16.1.2.1 Complex Password Security16.2 Business Logic Security16.2.1 Loopholes in Password Security16.2.2 Who Will Be the Big Winner?16.2.3 Practice Deception16.2.4 Password Recovery Process16.3 How the Account Is Stolen16.3.1 Various Ways of Account Theft16.3.2 Analysis on Why Accounts Get Stolen16.4 Internet Garbage16.4.1 Threat of Spam16.4.2 Spam Disposal16.5 Phishing16.5.1 Details about Phishing16.5.2 Mail Phishing16.5.3 Prevention and Control of Phishing Sites16.5.3.1 Control the Routes of Transmission of Phishing Sites16.5.3.2 Direct Fight against Phishing Sites16.5.3.3 User Education16.5.3.4 Automatic Identification of Phishing Sites16.5.4 Phishing in Online Shopping16.5.5 Analysis of Phishing in Online Shopping and Its Prevention16.6 User Privacy Protection16.6.1 Challenges in Internet User Privacy16.6.2 How to Protect User Privacy16.6.3 Do Not Track16.7 Summary16.A Appendix: Trouble Terminator
Chapter 17 - Security Development Lifecycle
17.1 Introduction17.2 Agile SDL17.3 SDL Actual Combat Experience17.4 Requirements Analysis and Design Phase17.5 Development Phase17.5.1 Providing Security Functions17.5.2 Code Security Audit Tool17.6 Test Phase17.7 Summary
Chapter 18 - Security Operations
18.1 Make the Security Operated18.2 Process of Vulnerability Patch18.3 Security Monitoring18.4 Intrusion Detection18.5 Emergency Response Process18.6 Summary18.A AppendixDevelopment Direction of Security in Internet Enterprises1

Overview

This book presents a comprehensive guide to web security and explains how companies can build a highly effective and sustainable security system. It reveals how hackers work and explains why companies of different scale require different security methodologies. With in-depth analysis of the reasons behind the choices, the book covers client script security, server applications security, and Internet company security operations. It also includes coverage of browser security, click jacking, injection attacks, web frame security, leaks, transactions security, and security development lifecycle.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Web Security: Common Vulnerabilities And Their Mitigation

Publisher Resources

ISBN: 9781466592612

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills