- How to Break Web Software: Functional and Security Testing of Web Applications and Web Services
- ISBN-10: 0321369440 • ISBN-13: 9780321369444
- ©2006 • Addison-Wesley Professional • Paper, 240 pp
- Published 02/02/2006 • In stock
About the Authors xi
Chapter 1: The Web Is Different 1
Chapter 2: Gathering Information on the Target 11
Chapter 3: Attacking the Client 29
Chapter 4: State-Based Attacks 41
Chapter 5: Attacking User-Supplied Input Data 65
Chapter 6: Language-Based Attacks 85
Chapter 7: Attacking the Server 99
Chapter 8: Authentication 115
Chapter 9: Privacy 135
Chapter 10: Web Services 149
Appendix A: Fifty Years of Software: Key Principles for Quality 159
Appendix B: Flowershop Bugs 171
Appendix C: Tools 179
"The techniques in this book are not an option for testers; they are mandatory, and these are the guys to tell you how to apply them!"
Rigorously test and improve the security of all your Web software!
It’s as certain as death and taxes: attackers will mercilessly probe your Web sites, applications, and services. If you’re vulnerable, you’d better find the holes yourself, before the black hats do. Now there’s a definitive, hands-on guide to security-testing any Web-based software: How to Break Web Software.
In this book, two renowned experts address the major categories of Web software exploit: attacks on clients, servers, state, user inputs, and more. You’ll master practical attack tools and techniques as you uncover dozens of crucial, widely exploited flaws in Web architecture and coding. The authors show where to look for potential threats and attack vectors, how to test rigorously for each of them, and how to mitigate the problems you find. Coverage includes
· Client vulnerabilities, including attacks on client-side validation
· State-based attacks: hidden fields, CGI parameters, cookie poisoning, URL jumping, and session hijacking
· Attacks on user-supplied inputs: cross-site scripting, SQL injection, and directory traversal
· Language- and technology-based attacks: buffer overflows, canonicalization, and null-string attacks
· Server attacks: SQL Injection with stored procedures, command injection, and server fingerprinting
· Cryptography, privacy, and attacks on Web services
Your Web software is mission-critical: it can’t afford to be compromised. Whether you’re a developer, tester, QA specialist, or IT manager, this book will help you protect that software, systematically.
Companion CD contains full source code for one testing tool you can modify and extend, free Web security testing tools, and complete code from a flawed Web site designed to give you hands-on practice in identifying security holes.