Hacking Exposed Web Applications, Second Edition

Implement bulletproof e-business security the proven Hacking Exposed way

Defend against the latest Web-based attacks by looking at your Web applications through the eyes of a malicious intruder. Fully revised and updated to cover the latest Web exploitation techniques, Hacking Exposed Web Applications, Second Edition shows you, step-by-step, how cyber-criminals target vulnerable sites, gain access, steal critical data, and execute devastating attacks. All of the cutting-edge threats and vulnerabilities are covered in full detail alongside real-world examples, case studies, and battle-tested countermeasures from the authors' experiences as gray hat security professionals.

• Find out how hackers use infrastructure and application profiling to perform reconnaissance and enter vulnerable systems
• Get details on exploits, evasion techniques, and countermeasures for the most popular Web platforms, including IIS, Apache, PHP, and ASP.NET
•  Learn the strengths and weaknesses of common Web authentication mechanisms, including password-based, multifactor, and single sign-on mechanisms like Passport
• See how to excise the heart of any Web application's access controls through advanced session analysis, hijacking, and fixation techniques
• Find and fix input validation flaws, including cross-site scripting (XSS), SQL injection, HTTP response splitting, encoding, and special character abuse
• Get an in-depth presentation of the newest SQL injection techniques, including blind attacks, advanced exploitation through subqueries, Oracle exploits, and improved countermeasures
• Learn about the latest XML Web Services hacks, Web management attacks, and DDoS attacks, including click fraud
• Tour Firefox and IE exploits, as well as the newest socially-driven client attacks like phishing and adware

(McGraw-Hill)