Web Security/Web Hacking



The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
Author: Dafydd Stuttard, Marcus Pinto
Publisher: Wiley
Year: 2007
Pages: 736
Amazon's book description: This book is a practical guide to discovering and exploiting security flaws in web applications. The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications. The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.




Cross Site Scripting Attacks: XSS Exploits and Defense
Author: Seth Fogie, Jeremiah Grossman, Robert Hansen, Anton Rager, Petko D. Petkov
Publisher: Syngress
Year: 2007
Pages: 480
Amazon's book description: Cross Site Scripting Attacks starts by defining the terms and laying out the ground work. It assumes that the reader is familiar with basic web programming (HTML) and JavaScript. First it discusses the concepts, methodology, and technology that makes XSS a valid concern. It then moves into the various types of XSS attacks, how they are implemented, used, and abused. After XSS is thoroughly explored, the next part provides examples of XSS malware and demonstrates real cases where XSS is a dangerous risk that exposes internet users to remote access, sensitive data theft, and monetary losses. Finally, the book closes by examining the ways developers can avoid XSS vulnerabilities in their web applications, and how users can avoid becoming a victim. The audience is web developers, security practitioners, and managers.




Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions
Author: Rich Cannings, Himanshu Dwivedi
Publisher: McGraw-Hill Osborne Media
Year: 2007
Pages: 288
Amazon's book description: Protect your Web 2.0 architecture against the latest wave of cybercrime using expert tactics from Internet security professionals. Hacking Exposed Web 2.0 shows how hackers perform reconnaissance, choose their entry point, and attack Web 2.0-based services, and reveals detailed countermeasures and defense techniques. You'll learn how to avoid injection and buffer overflow attacks, fix browser and plug-in flaws, and secure AJAX, Flash, and XML-driven applications. Real-world case studies illustrate social networking site weaknesses, cross-site attack methods, migration vulnerabilities, and IE7 shortcomings.




Web Hacking from the Inside Out
Author: Michael Flenov
Publisher: A-List Publishing
Year: 2007
Pages: 300
Amazon's book description: Covering new technologies used to search for vulnerabilities on websites from a hacker's point of view, this book on Web security and optimization provides illustrated, practical examples such as attacks on click counters, flooding, forged parameters passed to the server, password attacks, and DoS and DDoS attacks. Including an investigation of the most secure and reliable solutions to Web security and optimization, this book considers the many utilities used by hackers, explains how to write secure applications, and offers numerous interesting algorithms for developers. The CD included contains programs intended for testing sites for vulnerabilities as well as useful utilities for Web security.




Hacking Exposed Web Applications
Author: Joel Scambray, Mike Shema, Caleb Sima
Publisher: McGraw-Hill Osborne Media
Year: 2006
Pages: 520
Amazon's book description: Defend against the latest Web-based attacks by looking at your Web applications through the eyes of a malicious intruder. Fully revised and updated to cover the latest Web exploitation techniques, Hacking Exposed Web Applications, Second Edition shows you, step-by-step, how cyber-criminals target vulnerable sites, gain access, steal critical data, and execute devastating attacks. All of the cutting-edge threats and vulnerabilities are covered in full detail alongside real-world examples, case studies, and battle-tested countermeasures from the authors' experiences as gray hat security professionals.




How to Break Web Software: Functional and Security Testing of Web Applications and Web Services
Author: Mike Andrews, James A. Whittaker
Publisher: Addison-Wesley Professional
Year: 2006
Pages: 240
Amazon's book description: In this book, two renowned experts address every category of Web software exploit: attacks on clients, servers, state, user inputs, and more. You'll master powerful attack tools and techniques as you uncover dozens of crucial, widely exploited flaws in Web architecture and coding. The authors reveal where to look for potential threats and attack vectors, how to rigorously test for each of them, and how to mitigate the problems you find.




Professional Pen Testing for Web Applications
Author: Andres Andreu
Publisher: Wrox
Year: 2006
Pages: 522
Amazon's book description: There is no such thing as "perfect security" when it comes to keeping all systems intact and functioning properly. Good penetration (pen) testing creates a balance that allows a system to be secure while simultaneously being fully functional. With this book, you'll learn how to become an effective penetrator (i.e., a white hat or ethical hacker) in order to circumvent the security features of a Web application so that those features can be accurately evaluated and adequate security precautions can be put in place.




Hacking Web Services
Author: Shreeraj Shah
Publisher: Charles River Media
Year: 2006
Pages: 352
Amazon's book description: Web Services are an integral part of next generation Web applications. The development and use of these services is growing at an incredible rate, and so too are the security issues surrounding them. Hacking Web Services is a practical guide for understanding Web services security and assessment methodologies. Written for intermediate-to-advanced security professionals and developers, the book provides an in-depth look at new concepts and tools used for Web services security. Beginning with a brief introduction to Web services technologies, the book discusses Web services assessment methodology, WSDL -- an XML format describing Web services as a set of endpoints operating on SOAP messages containing information -- and the need for secure coding. Various development issues and open source technologies used to secure and harden applications offering Web services are also covered. Throughout the book, detailed case studies, real-life demonstrations, and a variety of tips and techniques are used to teach developers how to write tools for Web services. If you are responsible for securing your company's Web services, this is a must read resource!




Web Hacker Boot Camp
Author: Gerald Quakenbush
Publisher: MasterMind Press
Year: 2006
Pages: 236
Amazon's book description: This book is a self-paced training guide that will help security professionals and web developers understand how many application-layer attacks work. Through hands-on, step-by-step exercises readers get to see first hand how hackers pull off a variety of attacks, such as SQL Injection, Session Hijacking, OS Command Injection, Cross-Site Scripting and Parameter Tampering.




Hackish PHP Pranks & Tricks
Author: Michael Flenov
Publisher: A-List Publishing
Year: 2006
Pages: 300
Amazon's book description: Concentrating on PHP script programming, this book considers Web security and optimization from the hacker's point of view. The many utilities used by hackers and written with PHP, examples of secure applications and algorithms for scripts, new ways of writing real hacking programs for the Web, and nonstandard PHP programming techniques and possibilities are all discussed in detail. Programmers will also learn what tricks to expect from a hacker and how to create the most effective protection system possible.




Hacker Web Exploitation Uncovered
Author: Marsel Nizamutdinov
Publisher: A-List Publishing
Year: 2005
Pages: 450
Amazon's book description: A description and analysis of the vulnerabilities caused by programming errors in Web applications, this book is written from both the attacker's and the security specialist's perspective. Covered are detecting, investigating, exploiting, and eliminating vulnerabilities in Web applications, as well as errors such as PHP source code injection, SQL injection, and XSS. The most common vulnerabilities in PHP and Perl scripts and methods of exploiting these weaknesses are described, along with information on writing intersite scripts and secure systems for the hosted sites, creating secure authorization systems, and bypassing authorization. Uncovered is how attackers can benefit from the hosted target and why an apparently normally working application might be vulnerable.




Hacking the Code: ASP.NET Web Application Security
Author: Mark Burnett
Publisher: Syngress
Year: 2004
Pages: 472
Amazon's book description: Hacker Code will have over 400 pages of dedicated exploit, vulnerability, and tool code with corresponding instruction. Unlike other security and programming books that dedicate hundreds of pages to architecture and theory based flaws and exploits, HC1 will dive right into deep code analysis. Previously undisclosed security research in combination with superior programming techniques from Foundstone and other respected organizations will be included in both the Local and Remote Code sections of the book.




HackNotes Web Security Pocket Reference
Author: Mike Shema
Publisher: McGraw-Hill Osborne Media
Year: 2003
Pages: 240
Amazon's book description: Let consultant, trainer, and author Mike Shema show you how to guard against standard and uncommon network penetration methodologies and eliminate susceptibility to e-commerce hacking. Plus, learn to bolster Web application security and secure vulnerable hacking function areas.




Improving Web Application Security: Threats and Countermeasures
Author: Microsoft Corporation
Publisher: Microsoft Press
Year: 2003
Pages: 958
Amazon's book description: This guide helps you design, build, and configure hack-resilient Web applications. These are applications that reduce the likelihood of successful attacks and mitigate the extent of damage should an attack occur.




Web Hacking: Attacks and Defense
Author: Stuart McClure, Saumil Shah, Shreeraj Shah
Publisher: Addison-Wesley Professional
Year: 2002
Pages: 528
Amazon's book description: Both novice and seasoned readers will come away with an increased understanding of how Web hacking occurs and enhanced skill at developing defenses against such Web attacks. Technologies covered include Web languages and protocols, Web and database servers, payment systems and shopping carts, and critical vulnerabilities associated with URLs. This book is a virtual battle plan that will help you identify and eliminate threats that could take your Web site off line...




Testing Web Security: Assessing the Security of Web Sites and Applications
Author: Steven Splaine
Publisher: Wiley
Year: 2002
Pages: 352
Amazon's book description: Covers security basics and guides the reader through the process of testing a Web site. Explains how to analyze results and design specialized follow-up tests that focus on potential security gaps. Teaches the process of discovery, scanning, analyzing, verifying the results of specialized tests, and fixing vulnerabilities.