Web Hacking: Attacks and Defense (Paperback)

Stuart McClure, Saumil Shah, Shreeraj Shah

  • 出版商: Addison Wesley
  • 出版日期: 2002-08-18
  • 售價: $1,580
  • 貴賓價: 9.5$1,501
  • 語言: 英文
  • 頁數: 528
  • 裝訂: Paperback
  • ISBN: 0201761769
  • ISBN-13: 9780201761764
  • 相關分類: 駭客 Hack
  • 立即出貨 (庫存 < 4)

買這商品的人也買了...

商品描述

Description

"Both novice and seasoned readers will come away with an increased understanding of how Web hacking occurs and enhanced skill at developing defenses against such Web attacks. Technologies covered include Web languages and protocols, Web and database servers, payment systems and shopping carts, and critical vulnerabilities associated with URLs. This book is a virtual battle plan that will help you identify and eliminate threats that could take your Web site off line..."
--From the Foreword by William C. Boni, Chief Information Security Officer, Motorola
"Just because you have a firewall and IDS sensor does not mean you aresecure; this book shows you why."
--Lance Spitzner, Founder, The Honeynet Project

Whether it's petty defacing or full-scale cyber robbery, hackers are moving to the Web along with everyone else. Organizations using Web-based business applications are increasingly at risk. Web Hacking: Attacks and Defense is a powerful guide to the latest information on Web attacks and defense. Security experts Stuart McClure (lead author of Hacking Exposed), Saumil Shah, and Shreeraj Shah present a broad range of Web attacks and defense.

Features include:

  • Overview of the Web and what hackers go after
  • Complete Web application security methodologies
  • Detailed analysis of hack techniques
  • Countermeasures
  • What to do at development time to eliminate vulnerabilities
  • New case studies and eye-opening attack scenarios
  • Advanced Web hacking concepts, methodologies, and tools

"How Do They Do It?" sections show how and why different attacks succeed, including:

  • Cyber graffiti and Web site defacements
  • e-Shoplifting
  • Database access and Web applications
  • Java™ application servers; how to harden your Java™ Web Server
  • Impersonation and session hijacking
  • Buffer overflows, the most wicked of attacks
  • Automated attack tools and worms

Appendices include a listing of Web and database ports, cheat sheets for remote command execution, and source code disclosure techniques.

Web Hacking informs from the trenches. Experts show you how to connect the dots--how to put the stages of a Web hack together so you can best defend against them. Written for maximum brain absorption with unparalleled technical content and battle-tested analysis, Web Hacking will help you combat potentially costly security threats and attacks.

 

Table of Contents

(NOTE: Each chapter begins with an Introduction and concludes with a Summary.)

Foreword.


Introduction.

“We're Secure, We Have a Firewall”.

To Err Is Human.

Writing on the Wall.

Book Organization.

Parts.

Chapters.

A Final Word.

Acknowledgments.

Contributor.

I. THE E-COMMERCE PLAYGROUND.

Case Study: Acme Art, Inc. Hacked!


1. Web Languages: The Babylon of the 21st Century.

Languages of the Web.

HTML.

Dynamic HTML (DHTML).

XML.

XHTML.

Perl.

PHP.

ColdFusion.

Active Server Pages.

CGI.

Java.

2. Web and Database Servers.

Web Servers.

Apache.

Microsoft's Internet Information Server (IIS).

Database Servers.

Microsoft SQL Server.

Oracle.

3. Shopping Carts and Payment Gateways.

Evolution of the Storefront.

Electronic Shopping.

Shopping Cart Systems.

Scope and Lifetime of an Electronic Shopping Cart.

Collecting, Analyzing, and Comparing Selected Components.

Keeping Track of the Total Cost.

Change of Mind.

Processing the Purchase.

Implementation of a Shopping Cart Application.

Product Catalog.

Session Management.

Database Interfacing.

Integration with the Payment Gateway.

Examples of Poorly Implemented Shopping Carts.

Carello Shopping Cart.

DCShop Shopping Cart.

Hassan Consulting's Shopping Cart.

Cart32 and Several Other Shopping Carts.

Processing Payments.

Finalizing the Order.

Method of Payment.

Verification and Fraud Protection.

Order Fulfillment and Receipt Generation.

Overview of the Payment Processing System.

Innovative Ways to Combat Credit Card Fraud.

Order Confirmation Page.

Payment Gateway Interface.

Transaction Database Interface.

Interfacing with a Payment Gateway—An Example.

Payment System Implementation Issues.

Integration.

Temporary Information.

SSL.

Storing User Profiles.

Vulnerabilities Caused by Poor Integration of Shopping Cart and Payment Gateway.

PayPal—Enabling Individuals to Accept Electronic Payments.

4. HTTP and HTTPS: The Hacking Protocols.

Protocols of the Web.

HTTP.

HTTPS (HTTP over SSL).

5. URL: The Web Hacker's Sword.

URL Structure.

Web Hacker Psychology.

URLs and Parameter Passing.

URL Encoding.

Meta-Characters.

Specifying Special Characters on the URL String.

Meta-Characters and Input Validation.

Unicode Encoding.

The Acme Art, Inc. Hack.

Abusing URL Encoding.

Unicode Encoding and Code Red's Shell Code.

Unicode Vulnerability.

The Double-Decode or Superfluous Decode Vulnerability.

HTML Forms.

Anatomy of an HTML Form.

Input Elements.

Parameter Passing Via GET and POST.

II. URLS UNRAVELED.

Case Study: Reconnaissance Leaks Corporate Assets.


6. Web: Under (the) Cover.

The Components of a Web Application.

The Front-End Web Server.

The Web Application Execution Environment.

The Database Server.

Wiring the Components.

The Native Application Processing Environment.

Web Server APIs and Plug-Ins.

URL Mapping and Internal Proxying.

Proxying with a Back-End Application Server.

Examples.

Connecting with the Database.

The Craftiest Hack of Them All.

Using Native Database APIs.

Examples.

Using ODBC.

Using JDBC.

Specialized Web Application Servers.

Identifying Web Application Components from URLs.

The Basics of Technology Identification.

Examples.

More Examples.

Advanced Techniques for Technology Identification.

Examples.

Identifying Database Servers.

Countermeasures.

Rule 1: Minimize Information Leaked from the HTTP Header.

Rule 2: Prevent Error Information from Being Sent to the Browser.

7. Reading Between the Lines.

Information Leakage Through HTML.

What the Browsers Don't Show You .

Netscape Navigator—View | Page Source.

Internet Explorer—View | Source.

Clues to Look For.

HTML Comments.

Revision History.

Developer or Author Details.

Cross-References to Other Areas of the Web Application.

Reminders and Placeholders.

Comments Inserted by Web Application Servers.

Old “Commented-Out” Code.

Internal and External Hyperlinks.

E-mail Addresses and Usernames.

UBE, UCE, Junk Mail, and Spam.

Keywords and Meta Tags.

Hidden Fields.

Client-Side Scripts.

Automated Source Sifting Techniques.

Using wget.

Using grep.

Sam Spade, Black Widow, and Teleport Pro.

8. Site Linkage Analysis.

HTML and Site Linkage Analysis.

Site Linkage Analysis Methodology.

Step 1: Crawling the Web Site .

Crawling a Site Manually.

A Closer Look at the HTTP Response Header.

Some Popular Tools for Site Linkage Analysis.

Step-1 Wrap-Up.

Crawlers and Redirection.

Step 2: Creating Logical Groups Within the Application Structure.

Step-2 Wrap-Up.

Step 3: Analyzing Each Web Resource.

1. Extension Analysis.

2. URL Path Analysis.

3. Session Analysis.

4. Form Determination.

5. Applet and Object Identification.

6. Client-Side Script Evaluation.

7. Comment and E-Mail Address Analysis.

Step-3 Wrap-Up.

Step 4: Inventorying Web Resources.

III. HOW DO THEY DO IT?

Case Study: How Boris Met Anna's Need for Art Supplies.


9. Cyber Graffiti.

Defacing Acme Travel, Inc.'s Web Site.

Mapping the Target Network.

Throwing Proxy Servers in Reverse.

Brute Forcing HTTP Authentication.

Directory Browsing.

Uploading the Defaced Pages.

What Went Wrong?

HTTP Brute-Forcing Tools.

Brutus.

WebCracker 4.0.

Countermeasures Against the Acme Travel, Inc. Hack.

Turning Off Reverse Proxying.

Using Stronger HTTP Authentication Passwords.

Turning off Directory Browsing.

10. E-Shoplifting.

Building an Electronic Store.

The Store Front-End.

The Shopping Cart.

The Checkout Station.

The Database.

Putting It All Together.

Evolution of Electronic Storefronts.

Robbing Acme Fashions, Inc.

Setting Up Acme's Electronic Storefront.

Tracking Down the Problem.

Bypassing Client-Side Validation.

Using Search Engines to Look for Hidden Fields.

Overhauling www.acme-fashions.com.

Facing a New Problem with the Overhauled System.

Postmortem and Further Countermeasures.

Shopping Carts with Remote Command Execution.

11. Database Access.

Direct SQL Attacks.

A Used Car Dealership Is Hacked.

Input Validation.

Countermeasures.

12. Java: Remote Command Execution.

Java-Driven Technology.

Architecture of Java Application Servers.

Attacking a Java Web Server.

Identifying Loopholes in Java Application Servers.

Example: Online Stock Trading Portal.

Invoking FileServlet.

Countermeasures.

Harden the Java Web Server.

Other Conceptual Countermeasures.

13. Impersonation.

Session Hijacking: A Stolen Identity and a Broken Date.

March 5, 7:00 A.M.—Alice's Residence.

8:30 A.M.—Alice's Workplace.

10:00 A.M.—Bob's Office.

11:00 A.M.—Bob's Office.

12:30 P.M.—Alice's Office.

9:30 P.M.-Bertolini's Italian Cuisine.

Session Hijacking.

Postmortem of the Session Hijacking Attack.

Application State Diagrams.

HTTP and Session Tracking.

Stateless Versus Stateful Applications.

Cookies and Hidden Fields.

Cookie Control, Using Netscape on a Unix Platform.

Cookies.

Hidden Fields.

Implementing Session and State Tracking.

Session Identifiers Should Be Unique.

Session Identifiers Should Not Be “Guessable”.

Session Identifiers Should Be Independent.

Session Identifiers Should Be Mapped with Client-Side Connections.

14. Buffer Overflows: On-the-Fly.

Example.

Buffer Overflows.

Buffer Overflow: Its Simplest Form.

Buffer Overflow: An Example.

Postmortem Countermeasures.

IV. ADVANCED WEB KUNG FU.

Case Study.


15. Web Hacking: Automated Tools.

Netcat.

Whisker.

Brute Force.

Brutus.

Achilles.

Cookie Pal.

Teleport Pro.

Security Recommendations.

16. Worms.

Code Red Worm.

January 26, 2000.

June 18, 2001: The First Attack.

July 12, 2001.

July 19, 2001.

August 4, 2001.

Nimda Worm.

Combatting Worm Evolution.

React and Respond.

17. Beating the IDS.

IDS Basics.

Network IDSs.

Host-Based IDSs.

IDS Accuracy.

Getting Past an IDS.

Secure Hacking-Hacking Over SSL.

Example.

Tunneling Attacks via SSL.

Intrusion Detection via SSL.

Sniffing SSL Traffic.

Polymorphic URLs.

Hexadecimal Encoding.

Illegal Unicode/Superfluous Encoding.

Adding Fake Paths.

Inserting Slash-Dot-Slash Strings.

Using Nonstandard Path Separators.

Using Multiple Slashes.

Mixing Various Techniques.

Generating False Positives.

IDS Evasion in Vulnerability Checkers.

Potential Countermeasures.

SSL Decryption.

URL Decoding.

Appendix A: Web and Database Port Listing.Appendix B: HTTP/1.1 and HTTP/1.0 Method and Field Definitions.Appendix C: Remote Command Execution Cheat Sheet.Appendix D: Source Code, File, and Directory Disclosure Cheat Sheet.Appendix E: Resources and Links.Appendix F: Web-Related Tools.Index. 0201761769T07312002

商品描述(中文翻譯)

描述

無論是新手還是經驗豐富的讀者,都將對網絡黑客攻擊的發生方式有更深入的理解,並在開發防禦這些網絡攻擊的技能上有所提升。涵蓋的技術包括網絡語言和協議、網絡和數據庫服務器、支付系統和購物車,以及與URL相關的關鍵漏洞。這本書是一個虛擬的戰略計劃,將幫助您識別並消除可能使您的網站離線的威脅... -摘自摩托羅拉首席信息安全官William C. Boni的前言。

“僅僅擁有防火牆和入侵檢測系統並不意味著您是安全的;這本書將向您展示原因。”-The Honeynet Project創始人Lance Spitzner。

無論是小規模的破壞還是大規模的網絡搶劫,黑客都與其他人一樣轉向網絡。使用基於網絡的業務應用程序的組織面臨越來越大的風險。《Web Hacking: Attacks and Defense》是一本關於網絡攻擊和防禦的強大指南。安全專家Stuart McClure(《Hacking Exposed》的主要作者)、Saumil Shah和Shreeraj Shah提供了廣泛的網絡攻擊和防禦知識。

特點包括:
- 網絡概述和黑客攻擊目標
- 完整的網絡應用程序安全方法論
- 對黑客技術的詳細分析
- 對策措施
- 在開發時消除漏洞的方法
- 新的案例研究和令人震驚的攻擊場景
- 高級網絡黑客概念、方法和工具

“他們是如何做到的?”部分展示了不同攻擊成功的方式和原因,包括:
- 網絡塗鴉和網站破壞
- 電子商店盜竊
- 數據庫訪問和網絡應用程序
- Java應用程序服務器;如何加固您的Java Web服務器
- 冒充和會話劫持
- 緩衝區溢出,最惡毒的攻擊之一
- 自動攻擊工具和蠕蟲

附錄包括網絡和數據庫端口列表、遠程命令執行的秘籍和源代碼洩露技術。

《Web Hacking》從戰壕中提供信息。專家們向您展示如何將網絡攻擊的各個階段聯繫在一起,以便您能夠最好地防禦它們。這本書以最大限度地吸收大腦的方式撰寫,具有無與倫比的技術內容和經過實戰驗證的分析,將幫助您對抗可能造成昂貴的安全威脅和攻擊。

目錄

(注意:每章開始時都有簡介,結束時都有摘要。)