Web Hacking: Attacks and Defense (Paperback)

by Stuart McClure (Author), Saumil Shah (Author), Shreeraj Shah (Author)
4.5 out of 5 stars (13 customer reviews)

Editorial Reviews

Product Description
Exposes complete methodologies showing the actual techniques and attacks. Shows countermeasures, tools, and eye-opening case studies. Covers the web commerce playground, describing web languages and protocols, web and database servers, and payment systems. Softcover.

From the Back Cover
"Both novice and seasoned readers will come away with an increased understanding of how Web hacking occurs and enhanced skill at developing defenses against such Web attacks. Technologies covered include Web languages and protocols, Web and database servers, payment systems and shopping carts, and critical vulnerabilities associated with URLs. This book is a virtual battle plan that will help you identify and eliminate threats that could take your Web site off line..."
--From the Foreword by William C. Boni, Chief Information Security Officer, Motorola

"Just because you have a firewall and IDS sensor does not mean you are secure; this book shows you why."
--Lance Spitzner, Founder, The Honeynet Project

Whether it's petty defacing or full-scale cyber robbery, hackers are moving to the Web along with everyone else. Organizations using Web-based business applications are increasingly at risk. Web Hacking: Attacks and Defense is a powerful guide to the latest information on Web attacks and defense. Security experts Stuart McClure (lead author of Hacking Exposed), Saumil Shah, and Shreeraj Shah present a broad range of Web attacks and defense.

Features include:

  • Overview of the Web and what hackers go after
  • Complete Web application security methodologies
  • Detailed analysis of hack techniques
  • Countermeasures
  • What to do at development time to eliminate vulnerabilities
  • New case studies and eye-opening attack scenarios
  • Advanced Web hacking concepts, methodologies, and tools

"How Do They Do It?" sections show how and why different attacks succeed, including:

  • Cyber graffiti and Web site defacements
  • e-Shoplifting
  • Database access and Web applications
  • Java™ application servers; how to harden your Java™ Web Server
  • Impersonation and session hijacking
  • Buffer overflows, the most wicked of attacks
  • Automated attack tools and worms

Appendices include a listing of Web and database ports, cheat sheets for remote command execution, and source code disclosure techniques.

Web Hacking informs from the trenches. Experts show you how to connect the dots--how to put the stages of a Web hack together so you can best defend against them. Written for maximum brain absorption with unparalleled technical content and battle-tested analysis, Web Hacking will help you combat potentially costly security threats and attacks.



Product Details

  • Paperback: 528 pages
  • Publisher: Addison-Wesley Professional (August 18, 2002)
  • Language: English
  • ISBN-10: 0201761769
  • ISBN-13: 978-0201761764
  • Product Dimensions: 8.9 x 7.4 x 1.3 inches
  • Shipping Weight: 2 pounds
  • Average Customer Review: 4.5 out of 5 stars (13 customer reviews)
  • Amazon.com Sales Rank: #664,238 in Books

Customer Reviews

13 Reviews
5 star: (8)
4 star: (4)
3 star: (1)
2 star: (0)
1 star: (0)

Average Customer Review
4.5 out of 5 stars (13 customer reviews)

Most Helpful Customer Reviews

 
29 of 30 people found the following review helpful:
5.0 out of 5 stars Eclectic, September 28, 2002
By Marco De Vivo "mata-hackers" (Miami, Florida United States)
So you heard all this hype on Web Hacking, and want to know more about this matter.

Well, if you think about the web as an e-commerce platform, then just buy 'Web Security, Privacy & Commerce' by Garfinkel and Spafford, an excellent and classic book.

Are you interested in 'pure hacking'? I mean 'perl scripts', cross site and traversal attacks, hackers' jargon, and all the related issues... then buy 'Hacking Web Applications Exposed' by Scambray and Shema. Excellent book too, and excellent authors. But beware, it is not for newbies. You MUST have a lot of background to fully understand the attacks.

Now, what about an easier generic book, covering the same issues as the others but in a step by step and kinder way? A book to start from zero, but leading to understand all the currently related themes. Well, if this is what you want, then 'Web Hacking' is your book. It covers all that needs to be covered in this area, in an easy and well structured way. The reading is very light and the authors' 'breakdown' of the matter makes the contents very intuitive.

The book is structured into four main sections (covering the same areas as the previously referred books):

** The E-commerce Playground
** URLs Unraveled
** How Do They Do It?
** Advanced Web Kung Fu

It also includes several interesting appendixes (especially useful is the 'cheat sheet' appendix).

A lot of simple case studies (of the kind 'Bob and Alice') are presented as well as some more technical analyses (Code Red, Nimda etc.).

If I were to select a book as a reference for a first course on web security, 'Web Hacking' would be my choice. Definitively.

16 of 17 people found the following review helpful:
5.0 out of 5 stars Excellent, a _must_ read, August 20, 2002
By "nit_d" (Seattle, WA USA)
This book has a wealth of information on the subject of Web Hacking. As an administrator responsible for the well-being of various web servers, it is important for me to keep up with the vulnerabilities and know the tactics of crackers, and this book filled me in with more than enough knowledge.

The book starts out with a good introduction on the topic of web languages, and leads you to various topics such as finding and exploiting buffer overflows. There is a _lot_ of ground covered in this book including databases, cracking tools, SQL code injection, countermeasures, etc.

If you are responsible for any host sitting on the internet, this is your bible.

11 of 11 people found the following review helpful:
5.0 out of 5 stars Grab a cup of joe curl up in a comfy place and get ready f, August 28, 2002
By Robin Carver "robin@greatheartbouv.com" (Newmarket, Ontario, Canada)
Web Hacking, Attacks and Defense by Stuart McClure, Saumil Shah and Shreeraj Shah is an excellent introductory level book to the world of web hacking. If you are a seasoned professional you will also enjoy having this book in your collection, as it is an excellent resource book.

Ever wonder how anyone can enter a web site and see more than what's presented? With a clear understanding of the protocols, web languages, an understanding of the processes behind e commerce and a bit of historical knowledge you too can hack a web site, and wind up on the FBI's most wanted list. But by the same token, a little bit of knowledge is a powerful thing, with the information presented here you can easily get started on the road to keeping the hackers out, and damage to a minimum if they do get in.

The chapters are clearly laid out, and include code with explanations of the weaknesses, referrals to more in depth study, precautionary measures you can take to help secure your site and a look at the various tools available to harden your site.

IIS and Apache are reviewed, along with Oracle and SQL Server to show some of the more popular Web Servers and Databases, how they work, are exploited and ways to harden them against attack. The protocols used by the web, web programming languages, and an explanation of how a browser interprets commands are graphically laid out with examples presented. It would be hard to come away from this book without an understanding of the concepts, as they are so clearly defined.

Everything from setting a common understanding of terms to basic E Commerce concepts to unraveling Code Red and a truly unique presentation of IDS (Intrusion Detection Systems) is presented and well worth the time it takes to read.

Enjoy!

Most Recent Customer Reviews

5.0 out of 5 stars Great Book for Web Developers or Administrators
This book is great if you develop websites, especially if you maintain a webserver. I am fairly well versed on basic security measures, but there was a lot of stuff in this book...
Published on April 2, 2005 by Robert Spellings Jr.

5.0 out of 5 stars Excellent
This book is an excellent start. While you can find a lot of useful hacking material on the web, this book gives it to you well organized.
Published on September 13, 2004 by E. Krinker

3.0 out of 5 stars Rehash of basic web technologies
I was disappointed in what this book had to offer. I was hoping for a full text of web exploits and how to defend against them.
Published on August 5, 2004 by G. F Robison

5.0 out of 5 stars If you are responsible for a web site, get this book
This no-fluff book weighs in at just under 500 pages that are guaranteed to quell any feelings of complacency you may have about the safety of your website.
Published on March 28, 2004 by Stephen Northcutt

4.0 out of 5 stars Good Overview Of Attacks & Defense
This is a pretty informative book on hacking. After reading this book you will have a good overview of many different attacks and defenses.
Published on October 12, 2003

4.0 out of 5 stars Excellent book on web security
Web Hacking: Attacks and Defense is quite similar to `Hacking Exposed Web Applications' by Joel Scambray & Mike Shema.
Published on November 24, 2002 by Ben Rothke

4.0 out of 5 stars Case-based approach brings web hacking to the masses
"Web Hacking: Attacks and Defenses" is a book that shows how, and in some cases why, web platforms are compromised.
Published on November 17, 2002 by Richard Bejtlich

5.0 out of 5 stars Hacking - Readers Are Shown How It's Done!
During the last several years we have seen a sharp rise in the number of methods employed to hack into computer systems worldwide.
Published on September 20, 2002 by Jim Moran

4.0 out of 5 stars Entertaining and educational
Web services infrastructure for electronic commerce. So hard to build, even harder to secure. With this great book, it is sooo easy to subvert, destroy, corrupt and...
Published on September 3, 2002 by Dr Anton Chuvakin

5.0 out of 5 stars Engrossing, thorough and full of surprises
Although this book's primary purpose is to explain how to defend against web hacking, it's also one of the most thorough descriptions of how web servers, applications servers and...
Published on August 25, 2002 by Mike Tarrani
