Web Hacker Boot Camp
Some of the most serious security flaws on the Internet today are application-layer flaws in custom web applications. Such vulnerabilities undermine all other system hardening efforts. While techniques to exploit application-layer flaws are common among hackers, most security professionals have little experience with them.

This book is a self-paced training guide that will help security professionals and web developers understand how many application-layer attacks work. Through hands-on, step-by-step exercises, readers get to see firsthand how hackers pull off a variety of attacks, such as SQL Injection, Session Hijacking, OS Command Injection, Cross-Site Scripting and Parameter Tampering.

Additionally, the book features:

* Explanation of how HTTP-based applications really work
* The Web Hacker’s Toolbox showing you the tools you need and how to use them, including extensive coverage of Paros, the open source proxy tool
* A systematic, repeatable process for examining web applications for security flaws even if you don’t have the source code

Available on this book’s download site:

* MasterBugs – a functional, real-world web application, used throughout the book
* StealthVNC – a modification of the open-source VNC software used by the author to demonstrate how to assume full, graphical remote control of a target after exploiting various application-layer flaws
* ZombieVM – a Linux virtual machine (for VMware) with software containing flaws examined in the book

Isn’t it about time you caught up with the hackers?