Amazon.com: HackNotes(tm) Web Security Pocket Reference (9780072227840): Mike Shema: Books


HackNotes(tm) Web Security Pocket Reference [Paperback]

Mike Shema (Author)
4.2 out of 5 stars (5 customer reviews)



Book Description

Publication date: June 30, 2003 | ISBN-10: 0072227842 | ISBN-13: 978-0072227840 | Edition: 1

Let consultant, trainer, and author Mike Shema show you how to guard against standard and uncommon network penetration methodologies and eliminate susceptibility to e-commerce hacking. Plus, learn to bolster Web application security and secure vulnerable hacking function areas.


Editorial Reviews

From the Back Cover

HackNotes Web Security Portable Reference describes the hacks and vulnerabilities threatening today's Web applications, then provides the defenses necessary to counteract and destroy threats of all manner. Determine whether a vulnerability exists, then attack and overcome application weaknesses through a series of tested and trusted anti-hacking methods, bullet-proof best practices, and code-level techniques. Use the unique Reference Center in the middle of the book to access security commands, input validation checklists, tables for alternate encoding schemes, online resources, SQL injection hints, application testing methodologies, and more.

  • Find critical information in seconds with special 32-page Reference Center insert
  • Configure a secure Web server and develop secure Web applications
  • Learn and understand application scouring and penetration methodologies
  • Protect application data from unauthorized access
  • Create hardened policies, applications, and services
  • Track evidence of application attacks in Web server log files
  • Block platform and Web application vulnerabilities
  • Learn the tools available to handle session hijacking, SQL injection, and more
  • Eliminate common programming pitfalls in ASP, PHP, Java, and Perl
  • Identify Web-based attacks with thorough log analysis

About the Author

Mike Shema is the CSO of NT Objectives and has made web application security presentations at numerous security conferences. He has conducted security reviews for a wide variety of web technologies and developed training material for application security courses. He is also a co-author of Anti-Hacker Toolkit.

Product Details

  • Paperback: 240 pages
  • Publisher: McGraw-Hill Osborne Media; 1 edition (June 30, 2003)
  • Language: English
  • ISBN-10: 0072227842
  • ISBN-13: 978-0072227840
  • Product Dimensions: 8.8 x 6 x 0.3 inches
  • Shipping Weight: 0.8 ounces
  • Average Customer Review: 4.2 out of 5 stars (5 customer reviews)
  • Amazon Best Sellers Rank: #1,032,837 in Books


Customer Reviews

5 Reviews

  • 5 star: (2)
  • 4 star: (2)
  • 3 star: (1)
  • 2 star: (0)
  • 1 star: (0)

Most Helpful Customer Reviews

10 of 10 people found the following review helpful:
4.0 out of 5 stars neat little book, November 4, 2003
This review is from: HackNotes(tm) Web Security Pocket Reference (Paperback)
Just as the network security Hacknote (the first in the series), this one delivers what it promises. The book provides a nice, well-written, fairly comprehensive review of web application security.

It also manages to balance attacks and defenses, technology and methodology, tools and concepts, breadth and depth (as appropriate for the 180 page book). The book is very useful as a refresher or to move one step further in web security for a busy security professional who already knows the basics. The book obviously won't make you an expert (as likely no book will) and likely won't reveal any novel attacks to "hardened" web security types.

I liked the book, since it came in handy when I needed to look up some web security items. The information is available elsewhere, but it was present in this book in a well-packaged form. Hacknotes also contains a nice "reference center" with the summary of web hacking methodology as well as some tricks to try while doing the testing/attacking.

Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org

2 of 2 people found the following review helpful:
5.0 out of 5 stars An *excellent* guide to web application security, October 13, 2005
By Kevin Beaver (Atlanta, GA USA)
This is a great book that introduces the core concepts of web application security for both security professionals and software developers. More security books should be written in this spare the details and cut to the chase format. It's high-level enough for beginners yet contains meat that techies and security veterans can benefit from. This book should be on the bookshelf of anyone wanting to learn the essentials of web application security.
1 of 1 people found the following review helpful:
5.0 out of 5 stars Handy web application security resources, January 1, 2006
In the last two months, I conducted a web application security course for professionals and I started to collect relevant course content. A pentest professional recommended that I read this book because it provides many useful tools and explanations of vulnerability exploits and defenses.

In particular, there is a section about Secure Programming; even though it is brief, it covers security reminders for various essential components including database, web server, OS, etc. within the web application infrastructure. In addition, it mentions three current web application languages - Java, PHP and ASP.

The contents of the reference center are very useful to developers, system/security administrators and auditors. Furthermore, the assessment checklist gives us a start to test the application.

At least, this book provides a starting point for people to go further.
Inside This Book

First Sentence:
The "revolution" part of the "Internet revolution" slogan has not been around nearly as long as the Internet itself, whose lineage dates back to the 1960s.

Key Phrases - Statistically Improbable Phrases (SIPs):
web document root, input validation attack, validation attacks, input validation tests, semantic attacks, traversal attacks, session token, port modified, token analysis, malicious input, injection attack, wireless network security, privilege escalation, application attacks, web server security, session attacks, cookie value, vulnerability scanners, session handling, load balancer, invalid input, session cookies, validation routine, known vulnerabilities, session object

Key Phrases - Capitalized Phrases (CAPs):
False True, Host Assessment, Critical Hacks, Program Files, Server Driver, Compile-Time Modules, Keep-Alive Cookie, Mike Shema, Nikto Command-Line Options, Protocol Notes