Hacking Exposed (TM) Web Applications - Softcover

About the Authors

Joel Scambray, CISSP, is Managing Principal with Citigal as well as Co-Founder of Consciere LLC. He was previously chief strategy officer for Leviathan Security Group. He has assisted companies ranging from newly minted startups to members of the Fortune 50 in addressing information security challenges and opportunities for over a dozen years. Joel's background includes roles as an executive, technical consultant, and entrepreneur. He was a senior director at Microsoft Corporation, where he led Microsoft's online services security efforts for three years before joining the Windows platform and services division to focus on security technology architecture. Joel also co-founded security software and services startup Foundstone, Inc. He has also held positions as a Manager for Ernst & Young, Chief Strategy Officer for Leviathan, security columnist for Microsoft TechNet, Editor at Large for InfoWorld Magazine, and director of IT for a major commercial real estate firm. Joel has spoken widely on information security at forums including Black Hat, I-4, and The Asia Europe Meeting (ASEM), as well as organizations including CERT, CSI, ISSA, ISACA, SANS, private corporations, and government agencies such as the Korean Information Security Agency (KISA), FBI, and the RCMP. Joel Scambray is the co-author of all 6 editions of Hacking Exposed. He is also the lead author of Hacking Exposed Windows and Hacking Exposed Web Applications.

Mike Shema is the CSO of NT Objectives and has made web application security presentations at numerous security conferences. He has conducted security reviews for a wide variety of web technologies and developed training material for application security courses. He is also a co-author of Anti-Hacker Toolkit.

From the Back Cover

"This book goes a long way in making the Web a safer place to do business." Mark Curphey, Chair of the Open Web Application Security Project

Unleash the hackers' arsenal to secure your Web applications

In today's world of pervasive Internet connectivity and rapidly evolving Web technology, online security is as critical as it is challenging. With the enhanced availability of information and services online and Web-based attacks and break-ins on the rise, security risks are at an all time high. Hacking Exposed Web Applications shows you, step-by-step, how to defend against the latest Web-based attacks by understanding the hacker's devious methods and thought processes. Discover how intruders gather information, acquire targets, identify weak spots, gain control, and cover their tracks. You'll get in-depth coverage of real-world hacks both simple and sophisticated and detailed countermeasures to protect against them.

What you'll learn:

-The proven Hacking Exposed methodology to locate, exploit, and patch vulnerable platforms and applications
-How attackers identify potential weaknesses in Web application components
-What devastating vulnerabilities exist within Web server platforms such as Apache, Microsoft's Internet Information Server (IIS), Netscape Enterprise Server, J2EE, ASP.NET, and more
-How to survey Web applications for potential vulnerabilities including checking directory structures, helper files, Java classes and applets, HTML comments, forms, and query strings
-Attack methods against authentication and session management features such as cookies, hidden tags, and session identifiers
-Most common input validation attacks crafted input, command execution characters, and buffer overflows
-Countermeasures for SQL injection attacks such as robust error handling, custom stored procedures, and proper database configuration
-XML Web services vulnerabilities and best practices
-Tools and techniques used to hack Web clients including cross-site scripting, active content attacks and cookie manipulation
-Valuable checklists and tips on hardening Web applications and clients based on the authors' consulting experiences