- Series: Hacking Exposed
- Paperback: 386 pages
- Publisher: McGraw-Hill Osborne Media; 1 edition (June 19, 2002)
- Language: English
- ISBN-10: 007222438X
- ISBN-13: 978-0072224382
- Product Dimensions: 7.2 x 1.1 x 9 inches
- Shipping Weight: 1.8 pounds
- Average Customer Review: 12 customer reviews
- Amazon Best Sellers Rank: #4,802,978 in Books
Web Applications (Hacking Exposed) 1st Edition
From the Back Cover
"This book goes a long way in making the Web a safer place to do business." -- Mark Curphey, Chair of the Open Web Application Security Project
Unleash the hackers' arsenal to secure your Web applications
In today's world of pervasive Internet connectivity and rapidly evolving Web technology, online security is as critical as it is challenging. With the enhanced availability of information and services online and Web-based attacks and break-ins on the rise, security risks are at an all-time high. Hacking Exposed Web Applications shows you, step-by-step, how to defend against the latest Web-based attacks by understanding the hacker's devious methods and thought processes. Discover how intruders gather information, acquire targets, identify weak spots, gain control, and cover their tracks. You'll get in-depth coverage of real-world hacks--both simple and sophisticated--and detailed countermeasures to protect against them.
What you'll learn:
- The proven Hacking Exposed methodology to locate, exploit, and patch vulnerable platforms and applications
- How attackers identify potential weaknesses in Web application components
- What devastating vulnerabilities exist within Web server platforms such as Apache, Microsoft's Internet Information Server (IIS), Netscape Enterprise Server, J2EE, ASP.NET, and more
- How to survey Web applications for potential vulnerabilities--including checking directory structures, helper files, Java classes and applets, HTML comments, forms, and query strings
- Attack methods against authentication and session management features such as cookies, hidden tags, and session identifiers
- Most common input validation attacks--crafted input, command execution characters, and buffer overflows
- Countermeasures for SQL injection attacks such as robust error handling, custom stored procedures, and proper database configuration
- XML Web services vulnerabilities and best practices
- Tools and techniques used to hack Web clients--including cross-site scripting, active content attacks and cookie manipulation
- Valuable checklists and tips on hardening Web applications and clients based on the authors' consulting experiences
About the Author
Joel Scambray (Lafayette, CA) is a Manager in the Information Systems Audit and Advisory Services practice of Ernst & Young. Joel has over five years' experience working with a variety of computer and communications technologies from both an operational and strategic standpoint--ranging from Director of IS for a major commercial real estate firm to Technology Analyst for Info World Magazine.
Top customer reviews
However, if you are a Unix programmer then this book might not be as beneficial to you. The general concepts still apply, but the specific examples won't be as applicable. There is a chapter relating to Unix, but it seems more of an add-on to cater to a wider audience than a true effort at addressing Unix security.
HE:WA is particularly strong where the authors choose to explain web technologies. Successfully compromising web platforms requires an understanding of more than Apache or IIS. Accordingly, HE:WA gives background on SQL, web services, and web-based management. My favorite aspect of the book is its ability to explain technical details of web-based systems with an eye towards security. It's refreshing to be introduced to web services, for example, as well as learn how to attack and defend them -- all in a single book!
HE:WA describes numerous vulnerabilities, chosen to demonstrate classes of attacks. The authors provide useful methodologies for assessing web applications, each with accompanying code and text snippets. Their explanations of cross-site scripting were exceptionally clear, thanks to this approach.
I found HE:WA to be a fast but informative and engaging read. The appendices, featuring "best practices" for securing web platforms, an assessment "crib sheet", and instructions for proper deployment of URLScan, bring this excellent book to a close. Scambray and Shema won't leave you hanging -- they share their knowledge to help keep your systems as secure as possible. This is the book to buy if you're responsible for web server security.
Hacking Exposed- Web Applications: Web Application Security Secrets & Solutions by Joel Scambray and Mike Shema will show you what you need to know to protect your web servers. The authors explain how an attacker gathers information to identify target systems and seek out the vulnerabilities they can exploit to break in. They go into great detail to discuss the myriad of vulnerabilities on various platforms such as Apache, IIS, J2EE and more.
This book will help you understand just how much risk your web servers are exposed to- vulnerabilities within XML, cross-site scripting and other input validation attacks, SQL injection attacks and more. Thankfully, the authors go on to provide valuable information for how to guard against these attacks and ways to harden your web servers to protect them.
Anyone who administers a web server or develops web applications should read this book to understand the pitfalls and how to avoid them.
While a car door is an entrance to one's automobile, web servers are portals to corporate intranets, e-commerce offerings, and much more. And while a locksmith or thief can open a car door in a minute, so too can adversaries often penetrate corporate web servers with similar ease.
For those that don't accept the comparison, reading Hacking Exposed Web Applications will clearly open one's eyes. Forgetting for a minute the myriad vulnerabilities that affect many software products (including Windows, Apache, ColdFusion, and more), both books show how poorly written software and misconfigured web servers make the penetration of web servers child's play.
The book provides step-by-step instructions in an easy-to-read style for hardening web servers against attack. For those that have read previous books in the Hacking Exposed series and are comfortable with them, Hacking Exposed Web Applications uses the same easy-to-read and well-organized style.
The book has a lot of value even for those who are not so security conscious. For those with an interest in security, one's eyes will be open to the myriad places where vulnerabilities lie, from software, to scripts, mark-up files, and more. Anyone concerned with web server security should definitely read this title, or at least ensure their system administrators do. If not, think of your web servers as being Gone in 60 Seconds.
Most recent customer reviews
PROS: Doesn't get deep into code, but shows all the ways that people will peek and poke in...