找回密码
 注册
搜索
热搜: java php web
查看: 615|回复: 1

Hacking Exposed Web 2.0

[复制链接]
发表于 2009-9-9 17:31:09 | 显示全部楼层 |阅读模式



作者:Rich Cannings, Himanshu Dwivedi, Zane Lackey, Alex Stamos, Chris Clark, Jesse Burns
副书名:Web 2.0 Security Secrets and Solutions
出版日期:December 17, 2007
出版社:McGraw-Hill
页数:258
ISBN:ISBN-10: 0071494618 ISBN-13: 978-0071494618
文件格式:PDF


Lock down next-generation Web services
“This book concisely identifies the types of attacks which are faceddaily by Web 2.0 sites, and the authors give solid, practical advice onhow to identify and mitigate these threats.” –Max Kelly, CISSP, CIPP,CFCE, Senior Director of Security, Facebook
Protect your Web 2.0 architecture against the latest wave ofcybercrime using expert tactics from Internet security professionals. Hacking Exposed Web 2.0shows how hackers perform reconnaissance, choose their entry point, andattack Web 2.0-based services, and reveals detailed countermeasures anddefense techniques. You’ll learn how to avoid injection and bufferoverflow attacks, fix browser and plug-in flaws, and secure AJAX,Flash, and XML-driven applications. Real-world case studies illustratesocial networking site weaknesses, cross-site attack methods, migrationvulnerabilities, and IE7 shortcomings.
  • Plug security holes in Web 2.0 implementations the proven Hacking Exposed way
  • Learn how hackers target and abuse vulnerable Web 2.0 applications,browsers, plug-ins, online databases, user inputs, and HTML forms
  • Prevent Web 2.0-based SQL, XPath, XQuery, LDAP, and command injection attacks
  • Circumvent XXE, directory traversal, and buffer overflow exploits
  • Learn XSS and Cross-Site Request Forgery methods attackers use to bypass browser security controls
  • Fix vulnerabilities in Outlook Express and Acrobat Reader add-ons
  • Use input validators and XML classes to reinforce ASP and .NET security
  • Eliminate unintentional exposures in ASP.NET AJAX (Atlas), Direct Web Remoting, Sajax, and GWT Web applications
  • Mitigate ActiveX security exposures using SiteLock, code signing, and secure controls
  • Find and fix Adobe Flash vulnerabilities and DNS rebinding attacks
About the Author
Rich Cannings is a senior information security engineer at Google.
Himanshu Dwivedi is a founding partner of iSEC Partners, an information security organization, and the author of several security books.
Zane Lackey is a senior security consultant with iSEC Partners.

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有账号?注册

×
发表于 2009-10-31 11:51:27 | 显示全部楼层
不错,呵呵!

评分

1

查看全部评分

回复

使用道具 举报

您需要登录后才可以回帖 登录 | 注册

本版积分规则

Archiver|手机版|小黑屋|软晨网(RuanChen.com)

GMT+8, 2024-11-23 09:52

Powered by Discuz! X3.5

Copyright © 2001-2023 Tencent Cloud.

快速回复 返回顶部 返回列表