APPLICATION SECURITY BOOK EXCERPTS
Hacking for Dummies -- Chapter 16, Web applications
Kevin Beaver
08.30.2006
Rating: -4.67- (out of 5)
As a registered member of SearchSoftwareQuality.com, you're entitled to a complimentary copy of Chapter 66 of Hacking for Dummies written by Kevin Beaver and published by Wiley Publishing.
This chapter, "Web Applications," reviews application hacks to check on your systems, as well as countermeasures to help minimize the chances that a hacker can carry out these attacks. Attacks covered include insecure login mechanisms, directory traversal attacks and input attacks.
Book description:
Hackers For Dummies helps you hack into a hacker's mindset and take security precautions to help you avoid a hack attack. It outlines computer hacker tricks and techniques you can use to assess the security of your own information systems, find security vulnerabilities, and fix them before malicious and criminal hackers can exploit them. It covers the following:
- Hacking methodology and researching public information to see what a hacker can quickly learn about your operations
- Social engineering (how hackers manipulate employees to gain information and access), physical security, and password vulnerabilities
- Network infrastructure, including port scanners, SNMP scanning, banner grabbing, scanning, and wireless LAN vulnerabilities
- Operating systems, including Windows, Linux, and Novell NetWare
- Application hacking, including malware (Trojan horses, viruses, worms, rootkits, logic bombs, and more), e-mail and instant messaging, and Web applications
- Tests, tools (commercial, shareware, and freeware), and techniques that offer the most bang for your ethical hacking buck
With this guide you can develop and implement a comprehensive security assessment plan, get essential support from management, test your system for vulnerabilities, take countermeasures, and protect your network infrastructure. You discover how to beat hackers at their own game, with the following:
- A hacking toolkit, including War dialing software, password cracking software, network scanning software, network vulnerability assessment software, a network analyzer, a Web application assessment tool, and more
- All kinds of countermeasures and ways to plug security holes
- A list of more than 100 security sites, tools, and resources
Ethical hacking helps you fight hacking with hacking, pinpoint security flaws within your systems, and implement countermeasures. Complete with tons of screen shots, step-by-step instructions for some countermeasures, and actual case studies from IT security professionals, this is an invaluable guide, whether you're an Internet security professional, part of a penetration-testing team, or in charge of IT security for a large or small business.
>> Read "Chapter 16: Web Applications" now.
>> Buy the book
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchSoftwareQuality.com.
Register now
to start rating these tips. Log in if you are already a member.
|
 |
 |
| |
RELATED CONTENT
 |
Application Security Book Excerpts |
|
Fuzzing for Software Security Testing and Quality Assurance: Chapter 3, Testing for Quality
|
|
Software Security Engineering: A Guide for Project Managers -- Chapter 3, Requirements Engineering for Secure Software
|
|
InfoSecurity 2008 Threat Analysis, Chapter 4: XSS Theory
|
|
Google Hacking for Penetration Testers, Volume 2: Chapter 6, Locating Exploits and Finding Targets
|
|
Ajax Security -- Chapter 6, Transparency in Ajax Applications
|
|
Fuzzing: Brute Force Vulnerability Discovery -- Chapter 12, Fuzzing Frameworks
|
|
Cross Site Scripting Attacks: XSS Exploits and Defense -- Chapter 5, Advanced XSS Attack Vectors
|
|
Static Analysis as Part of the Code Review Process -- Chapter 3, Secure Programming with Static Analysis
|
|
Security Metrics: Replacing Fear, Uncertainty, and Doubt -- Chapter 3, Application Security Metrics
|
|
Forms Authentication -- Chapter 5, Professional ASP.NET 2.0 Security, Membership, and Role Management
|
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
