Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions

Rich Cannings, Himanshu Dwivedi, Zane Lackey

  • 出版商: McGraw-Hill Education
  • 出版日期: 2008-01-07
  • 定價: $1,750
  • 售價: 8.0$1,400
  • 語言: 英文
  • 頁數: 258
  • 裝訂: Paperback
  • ISBN: 0071494618
  • ISBN-13: 9780071494618
  • 相關分類: 資訊安全駭客 Hack
  • 立即出貨 (庫存=1)




Lock down next-generation Web services

"This book concisely identifies the types of attacks which are faced daily by Web 2.0 sites, and the authors give solid, practical advice on how to identify and mitigate these threats." --Max Kelly, CISSP, CIPP, CFCE, Senior Director of Security, Facebook

Protect your Web 2.0 architecture against the latest wave of cybercrime using expert tactics from Internet security professionals. Hacking Exposed Web 2.0 shows how hackers perform reconnaissance, choose their entry point, and attack Web 2.0-based services, and reveals detailed countermeasures and defense techniques. You'll learn how to avoid injection and buffer overflow attacks, fix browser and plug-in flaws, and secure AJAX, Flash, and XML-driven applications. Real-world case studies illustrate social networking site weaknesses, cross-site attack methods, migration vulnerabilities, and IE7 shortcomings.

  • Plug security holes in Web 2.0 implementations the proven Hacking Exposed way
  • Learn how hackers target and abuse vulnerable Web 2.0 applications, browsers, plug-ins, online databases, user inputs, and HTML forms
  • Prevent Web 2.0-based SQL, XPath, XQuery, LDAP, and command injection attacks
  • Circumvent XXE, directory traversal, and buffer overflow exploits
  • Learn XSS and Cross-Site Request Forgery methods attackers use to bypass browser security controls
  • Fix vulnerabilities in Outlook Express and Acrobat Reader add-ons
  • Use input validators and XML classes to reinforce ASP and .NET security
  • Eliminate unintentional exposures in ASP.NET AJAX (Atlas), Direct Web Remoting, Sajax, and GWT Web applications
  • Mitigate ActiveX security exposures using SiteLock, code signing, and secure controls
  • Find and fix Adobe Flash vulnerabilities and DNS rebinding attacks 

Table of Contents

Part I: Attacking Web 2.0
Chapter 1. Common Injection Attacks
Chapter 2. Cross-Site Scripting
Part II: Next Generation Web Application Attacks
Chapter 3. Cross-Domain Attacks
Chapter 4. Malicious JavaScript and AJAX
Chapter 5. .Net Security
Chapter 6. AJAX Types, Discovery, and Parameter Manipulation
Chapter 7. AJAX Framework Exposures
Part IV: Thick Clients
Chapter 8. ActiveX Security
Chapter 9. Attacking Flash Applications



本書簡明扼要地指出了 Web 2.0 網站每天面臨的攻擊類型,並提供了實用的建議,教導如何識別和減輕這些威脅。Facebook 的資深安全總監 Max Kelly 說:「這本書清楚地指出了 Web 2.0 網站每天面臨的攻擊類型,並提供了實用的建議,教導如何識別和減輕這些威脅。」本書使用專業的策略,保護您的 Web 2.0 架構免受最新一波的網絡犯罪威脅。《Hacking Exposed Web 2.0》展示了黑客如何進行偵察、選擇入口點並攻擊基於 Web 2.0 的服務,並揭示了詳細的對策和防禦技巧。您將學習如何避免注入和緩衝區溢出攻擊,修復瀏覽器和插件漏洞,以及保護 AJAX、Flash 和 XML 驅動的應用程式。真實案例研究展示了社交網絡網站的弱點、跨站攻擊方法、遷移漏洞和 IE7 的不足之處。


- 使用經過驗證的 Hacking Exposed 方法來修補 Web 2.0 實現中的安全漏洞
- 學習黑客如何針對和濫用易受攻擊的 Web 2.0 應用程式、瀏覽器、插件、在線數據庫、用戶輸入和 HTML 表單
- 預防基於 Web 2.0 的 SQL、XPath、XQuery、LDAP 和命令注入攻擊
- 繞過 XXE、目錄遍歷和緩衝區溢出攻擊
- 學習 XSS 和跨站請求偽造方法,以繞過瀏覽器安全控制
- 修補 Outlook Express 和 Acrobat Reader 插件的漏洞
- 使用輸入驗證器和 XML 類別來加強安全性。