Hacking Exposed Web Applications, 3/e (Paperback)

Joel Scambray, Vincent Liu, Caleb Sima

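  • Publisher: McGraw-Hill Education
  • Publication date: 2010-11-05
  • List price: $1,850
  • Sale price: $1,480 (20% off)
  • Language: English
  • Pages: 482
  • Binding: Paperback
  • ISBN: 0071740643
  • ISBN-13: 9780071740647
  • Related category: Hacking (Hack)
  • Ships immediately (limited quantity) (stock = 1)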



The latest Web app attacks and countermeasures from world-renowned practitioners

Protect your Web applications from malicious attacks by mastering the weapons and thought processes of today's hacker. Written by recognized security practitioners and thought leaders, Hacking Exposed Web Applications, Third Edition is fully updated to cover new infiltration methods and countermeasures. Find out how to reinforce authentication and authorization, plug holes in Firefox and IE, reinforce against injection attacks, and secure Web 2.0 features. Integrating security into the Web development lifecycle (SDL) and into the broader enterprise information security program is also covered in this comprehensive resource.

  • Get full details on the hacker's footprinting, scanning, and profiling tools, including SHODAN, Maltego, and OWASP DirBuster
  • See new exploits of popular platforms like Sun Java System Web Server and Oracle WebLogic in operation
  • Understand how attackers defeat commonly used Web authentication technologies
  • See how real-world session attacks leak sensitive data and how to fortify your applications
  • Learn the most devastating methods used in today's hacks, including SQL injection, XSS, XSRF, phishing, and XML injection techniques
  • Find and fix vulnerabilities in ASP.NET, PHP, and J2EE execution environments
  • Safely deploy XML, social networking, cloud computing, and Web 2.0 services
  • Defend against RIA, Ajax, UGC, and browser-based, client-side exploits
  • Implement scalable threat modeling, code review, application scanning, fuzzing, and security testing procedures

