Web Security Testing Cookbook
Paco. Hope
Bok Engelsk 2008 · Electronic books.
| Utgitt | Sebastopol : : O'Reilly Media, , 2008.
|
|---|---|
| Omfang | 1 online resource (320 p.)
|
| Opplysninger | Description based upon print version of record.. - Web Security Testing Cookbook; Preface; Leveraging Free Tools; About the Cover; Organization; Section Two: Testing Techniques; Section Three: Advanced Techniques; Conventions Used in This Book; Conventions in Examples; Using Code Examples; Safari® Books Online; Comments and Questions; Acknowledgments; Ben Walther; Our Reviewers; O'Reilly; 1. Introduction; Fulfilling Requirements; Security Testing Is More of the Same; Equivalence classes; Security classes; What Are Web Applications?; Fundamentals of HTTP; HTTP is stateless; HTTP is simple text; Web Application Fundamentals. - DiscussionOther tools; Converting Base-36 Numbers in a Web Page; Solution; Discussion; Working with Base 36 in Perl; Solution; Discussion; Working with URL-Encoded Data; Solution; Decode; Discussion; Working with HTML Entity Data; Solution; Discussion; Calculating Hashes; Solution; SHA1; Discussion; SHA-1 hashes; Recognizing Time Formats; Solution; Discussion; Encoding Time Values Programmatically; Solution; Discussion; Decoding ASP.NET's ViewState; Solution; Discussion; Decoding Multiple Encodings; Solution; Discussion; 5. Tampering with Input; Solution; Discussion; Bypassing Input Limits. - Installing Perl and Using CPAN on Linux, Unix, or OS XSolution; Discussion; Installing CAL9000; Solution; Discussion; Installing the ViewState Decoder; Solution; Discussion; Installing cURL; Solution; Discussion; Installing Pornzilla; Solution; Discussion; Installing Cygwin; Solution; Discussion; Installing Nikto 2; Solution; Discussion; Installing Burp Suite; Solution; Discussion; Installing Apache HTTP Server; Solution; Discussion; 3. Basic Observation; Solution; Discussion; Viewing the Source, Advanced; Solution; Discussion; Observing Live Request Headers with Firebug; Solution; Discussion. - Observing Live Post Data with WebScarabSolution; Discussion; Seeing Hidden Form Fields; Solution; Discussion; Observing Live Response Headers with TamperData; Solution; Discussion; Highlighting JavaScript and Comments; Solution; Discussion; Detecting JavaScript Events; Solution; Discussion; Modifying Specific Element Attributes; Solution; Discussion; Track Element Attributes Dynamically; Solution; Discussion; Conclusion; 4. Web-Oriented Data Encoding; Solution; Octal data; Base 36; Discussion; Working with Base 64; Solution; Encode the entire contents of a file; Encode a simple string. - Solution. - Web Application StructuresOne-layer web applications; Two-layer web applications; Three-layer web applications; The effect of layers on testing; Web App Security Testing; It's About the How; How, Not What; How, Not Where; How, Not Who; How, Not When; Software Security, Not IT Security; 2. Installing Some Free Tools; Solution; Discussion; Installing Firefox Extensions; Solution; Discussion; Installing Firebug; Solution; Discussion; Installing OWASP's WebScarab; Solution; Discussion; Installing Perl and Packages on Windows; Solution; Discussion. - Among the tests you perform on web applications, security testing is perhaps the most important, yet it's often the most neglected. The recipes in the Web Security Testing Cookbook demonstrate how developers and testers can check for the most common web security issues, while conducting unit tests, regression tests, or exploratory tests. Unlike ad hoc security assessments, these recipes are repeatable, concise, and systematic-perfect for integrating into your regular test suite. Recipes cover the basics from observing messages between clients and servers to multi-phas
|
| Emner | Computer software -- Validation.
Computer Science Engineering & Applied Sciences world wide web sikkerhet datanett datamaskinnett www |
| Sjanger | |
| Dewey | |
| ISBN | 0596514832. - 9780596514839
|
