| Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions Contributor(s): Cannings, Rich (Author), Dwivedi, Himanshu (Author), Lackey, Zane (Author) |
|
 |
ISBN: 0071494618 ISBN-13: 9780071494618 Publisher: McGraw-Hill Companies OUR PRICE: $57.60 Product Type: Paperback - Other Formats Published: January 2008 Annotation: Lock down next-generation Web services "This book concisely identifies the types of attacks which are faced daily by Web 2.0 sites, and the authors give solid, practical advice on how to identify and mitigate these threats." --Max Kelly, CISSP, CIPP, CFCE, Senior Director of Security, Facebook Protect your Web 2.0 architecture against the latest wave of cybercrime using expert tactics from Internet security professionals. Hacking Exposed Web 2.0 shows how hackers perform reconnaissance, choose their entry point, and attack Web 2.0-based services, and reveals detailed countermeasures and defense techniques. You'll learn how to avoid injection and buffer overflow attacks, fix browser and plug-in flaws, and secure AJAX, Flash, and XML-driven applications. Real-world case studies illustrate social networking site weaknesses, cross-site attack methods, migration vulnerabilities, and IE7 shortcomings.Plug security holes in Web 2.0 implementations the proven Hacking Exposed wayLearn how hackers target and abuse vulnerable Web 2.0 applications, browsers, plug-ins, online databases, user inputs, and HTML formsPrevent Web 2.0-based SQL, XPath, XQuery, LDAP, and command injection attacks Circumvent XXE, directory traversal, and buffer overflow exploits Learn XSS and Cross-Site Request Forgery methods attackers use to bypass browser security controls Fix vulnerabilities in Outlook Express and Acrobat Reader add-onsUse input validators and XML classes to reinforce ASP and .NET security Eliminate unintentional exposures in ASP.NET AJAX (Atlas), Direct Web Remoting, Sajax, and GWT Web applicationsMitigate ActiveX security exposures using SiteLock, code signing, and secure controlsFind and fixAdobe Flash vulnerabilities and DNS rebinding attacks |
| Additional Information |
| BISAC Categories: - Computers | Security - General - Computers | Networking - General |
| Dewey: 005.8 |
| LCCN: 2007047047 |
| Series: Hacking Exposed |
| Physical Information: 0.6" H x 7.36" W x 9.06" (1.04 lbs) 258 pages |
| Descriptions, Reviews, Etc. |
| Publisher Description: Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product. Lock down next-generation Web services This book concisely identifies the types of attacks which are faced daily by Web 2.0 sites, and the authors give solid, practical advice on how to identify and mitigate these threats. --Max Kelly, CISSP, CIPP, CFCE, Senior Director of Security, Facebook Protect your Web 2.0 architecture against the latest wave of cybercrime using expert tactics from Internet security professionals. Hacking Exposed Web 2.0 shows how hackers perform reconnaissance, choose their entry point, and attack Web 2.0-based services, and reveals detailed countermeasures and defense techniques. You'll learn how to avoid injection and buffer overflow attacks, fix browser and plug-in flaws, and secure AJAX, Flash, and XML-driven applications. Real-world case studies illustrate social networking site weaknesses, cross-site attack methods, migration vulnerabilities, and IE7 shortcomings.
|
Contributor Bio(s): Dwivedi, Himanshu: - Himanshu Dwivedi is a co-founder of iSEC Partners (www.isecpartners.com), an information security firm specializing in application security. At iSEC, Himanshu manages the firm's product development efforts and co-manages the sales and marketing programs. Himanshu is also a renowned industry author with six security books published, including Mobile Application Security (McGraw Hill/Osborne), Hacking VoIP (No Starch Press), Hacking Exposed: Web 2.0 (McGraw Hill/Osborne), Hacker's Challenge 3 (McGraw Hill/Osborne), Securing Storage (Addison Wesley), and Implementing SSH (Wiley). In addition to the books, Himanshu also has a patent pending on Fibre Channel security. Before starting iSEC Partners, Himanshu was the Regional Technical Director at @stake, Inc.Lackey, Zane: - Zane Lackey is a Security Consultant with iSEC Partners, an information security organization. Zane regularly performs application penetration testing and code reviews for iSEC. His research focus includes AJAX web applications and VoIP security. Zane has spoken at top security conferences including BlackHat 2006/2007 and Toorcon. Additionally, he is a co-author of Hacking Exposed: Web 2.0 (McGraw-Hill/November 2007) and contributing author of Hacking VoIP (No Starch Press/October 2007). Prior to iSEC, Zane focused on Honeynet research at the University of California-Davis, Computer Security Research Lab, under noted security researcher Dr. Matt Bishop.Cannings, Rich: - Rich Cannings is a senior information security engineer at Google. Himanshu Dwivedi is a founding partner of iSEC Partners, an information security organization, and the author of several security books. Zane Lackey is a senior security consultant with iSEC Partners. |