Document Type : BL
Record Number : 640569
Doc. No : dltt
Main Entry : Barnett, Ryan C.
Title & Author : Web Application Defender's Cookbook: Battling Hackers and Protecting Users
Edition Statement : 1. ed
Page No. : 1 online resource (xxix, 522 pages) : illustrations
ISBN : 9781118362181
ISBN : 1118362187
ISBN : 9781118568712
ISBN : 1118568710
ISBN : 9781118417058
ISBN : 1118417054
ISBN : 9781118568651
ISBN : 1118568656
Bibliographies/Indexes : Includes bibliographical references and index
Contents : Cover; Part I: Preparing the Battle Space; Chapter 1: Application Fortification; Recipe 1-1: Real-time Application Profiling; Recipe 1-2: Preventing Data Manipulation with Cryptographic Hash Tokens; Recipe 1-3: Installing the OWASP ModSecurity Core Rule Set (CRS); Recipe 1-4: Integrating Intrusion Detection System Signatures; Recipe 1-5: Using Bayesian Attack Payload Detection; HTTP Audit Logging; Recipe 1-6: Enable Full HTTP Audit Logging; Recipe 1-7: Logging Only Relevant Transactions; Recipe 1-9: Obscuring Sensitive Data in Logs; Recipe 1-10: Sending Alerts to a Central Log Host Using Syslog; Recipe 1-11: Using the ModSecurity AuditConsole; Recipe 1-8: Ignoring Requests for Static Content; Chapter 2: Vulnerability Identification and Remediation; Internally Developed Applications; Externally Developed Applications; Virtual Patching; Recipe 2-1: Passive Vulnerability Identification; Active Vulnerability Identification; Recipe 2-2: Active Vulnerability Identification; Manual Vulnerability Remediation; Recipe 2-3: Manual Scan Result Conversion; Recipe 2-4: Automated Scan Result Conversion; Recipe 2-5: Real-time Resource Assessments and Virtual Patching; Chapter 3: Poisoned Pawns (Hacker Traps); Honeytrap Concepts; Recipe 3-1: Adding Honeypot Ports; Recipe 3-2: Adding Fake robots.txt Disallow Entries; Recipe 3-3: Adding Fake HTML Comments; Recipe 3-4: Adding Fake Hidden Form Fields; Recipe 3-5: Adding Fake Cookies; Part II: Asymmetric Warfare; Chapter 4: Reputation and Third-Party Correlation; Suspicious Source Identification; Recipe 4-1: Analyzing the Client's Geographic Location Data; Recipe 4-2: Identifying Suspicious Open Proxy Usage; Recipe 4-3: Utilizing Real-time Blacklist Lookups (RBL); Recipe 4-4: Running Your Own RBL; Recipe 4-5: Detecting Malicious Links; Chapter 5: Request Data Analysis; Request Data Acquisition; Recipe 5-1: Request Body Access; Recipe 5-2: Identifying Malformed Request Bodies; Recipe 5-3: Normalizing Unicode; Recipe 5-4: Identifying Use of Multiple Encodings; Recipe 5-5: Identifying Encoding Anomalies; Input Validation Anomalies; Recipe 5-6: Detecting Request Method Anomalies; Recipe 5-7: Detecting Invalid URI Data; Recipe 5-8: Detecting Request Header Anomalies; Recipe 5-9: Detecting Additional Parameters; Recipe 5-10: Detecting Missing Parameters; Recipe 5-11: Detecting Duplicate Parameter Names; Recipe 5-12: Detecting Parameter Payload Size Anomalies; Recipe 5-13: Detecting Parameter Character Class Anomalies; Chapter 6: Response Data Analysis; Recipe 6-1: Detecting Response Header Anomalies; Recipe 6-2: Detecting Response Header Information Leakages; Recipe 6-3: Response Body Access; Recipe 6-7: Detecting Source Code Leakages; Recipe 6-8: Detecting Technical Data Leakages; Recipe 6-9: Detecting Abnormal Response Time Intervals
Abstract : Defending your web applications against hackers and attackers. The top-selling book Web Application Hacker's Handbook showed how attackers and hackers identify and attack vulnerable live web applications. This new Web Application Defender's Cookbook is the perfect counterpoint to that book: it shows you how to defend. Authored by a highly credentialed defensive security expert, this new book details defensive security methods and can be used as courseware for training network security personnel, web server administrators, and security consultants. Each
Subject : Computer security.
Subject : Computer crimes -- Prevention.
Subject : Computer networks -- Security measures.
Subject : Hackers.
Dewey Classification : 005.8
LC Classification : QA76.9.A25B37 2013eb