Web Application Security. 2nd Edition - Helion

ebook

Autor: Andrew Hoffman
ISBN: 9781098143893
stron: 444, Format: ebook
Data wydania: 2024-01-17
Księgarnia: Helion

Cena książki: 173,76 zł (poprzednio: 238,03 zł)
Oszczędzasz: 27% (-64,27 zł)

Osoby, które kupiły tę książkę, wybierały także »

In the first edition of this critically acclaimed book, Andrew Hoffman defined the three pillars of application security: reconnaissance, offense, and defense. In this revised and updated second edition, he examines dozens of related topics, from the latest types of attacks and mitigations to threat modeling, the secure software development lifecycle (SSDL/SDLC), and more.

Hoffman, senior staff security engineer at Ripple, also provides information regarding exploits and mitigations for several additional web application technologies such as GraphQL, cloud-based deployments, content delivery networks (CDN) and server-side rendering (SSR). Following the curriculum from the first book, this second edition is split into three distinct pillars comprising three separate skill sets:

Pillar 1: Recon—Learn techniques for mapping and documenting web applications remotely, including procedures for working with web applications
Pillar 2: Offense—Explore methods for attacking web applications using a number of highly effective exploits that have been proven by the best hackers in the world. These skills are valuable when used alongside the skills from Pillar 3.
Pillar 3: Defense—Build on skills acquired in the first two parts to construct effective and long-lived mitigations for each of the attacks described in Pillar 2.

Osoby które kupowały "Web Application Security. 2nd Edition", wybierały także:

Cisco CCNA 200-301. Kurs video. Administrowanie bezpieczeństwem sieci. Część 3 665,00 zł, (39,90 zł -94%)
Cisco CCNA 200-301. Kurs video. Administrowanie urządzeniami Cisco. Część 2 665,00 zł, (39,90 zł -94%)
Cisco CCNA 200-301. Kurs video. Podstawy sieci komputerowych i konfiguracji. Część 1 665,00 zł, (39,90 zł -94%)
Impact of P2P and Free Distribution on Book Sales 427,14 zł, (29,90 zł -93%)
Cisco CCNP Enterprise 350-401 ENCOR. Kurs video. Programowanie i automatyzacja sieci 443,33 zł, (39,90 zł -91%)

Spis treści

Web Application Security. 2nd Edition eBook -- spis treści

Preface
- Changes from the First Edition
- Prerequisite Knowledge and Learning Goals
- Why Are Examples in JavaScript?
- Why Teach Concepts Instead of Tools?
- Suggested Background
- Minimum Required Skills
- Who Benefits Most from Reading This Book?
  - Software Engineers and Web Application Developers
    - Software engineers
    - Web application developers
  - General Learning Goals
  - Security Engineers, Pen Testers, and Bug Bounty Hunters
- How Is This Book Organized?
  - Recon
  - Offense
  - Defense
- Language and Terminology
- Summary
- Conventions Used in This Book
- OReilly Online Learning
- How to Contact Us
- Acknowledgments
1. The History of Software Security
- The Origins of Hacking
- The Enigma Machine, Circa 1930
- Automated Enigma Code Cracking, Circa 1940
- Telephone Phreaking, Circa 1950
- Anti-Phreaking Technology, Circa 1960
- The Origins of Computer Hacking, Circa 1980
- The Rise of the World Wide Web, Circa 2000
- Hackers in the Modern Era, Circa 2015+
- Summary
I. Recon
2. Introduction to Web Application Reconnaissance
- Information Gathering
- Web Application Mapping
- Summary
3. The Structure of a Modern Web Application
- Modern Versus Legacy Web Applications
- REST APIs
- JavaScript Object Notation
- JavaScript
  - Variables and Scope
  - Functions
  - Context
  - Prototypal Inheritance
  - Asynchrony
  - Browser DOM
- SPA Frameworks
- Authentication and Authorization Systems
  - Authentication
  - Authorization
- Web Servers
- Server-Side Databases
- Client-Side Data Stores
- GraphQL
- Version Control Systems
- CDN/Cache
- Summary
4. Finding Subdomains
- Multiple Applications per Domain
- The Browsers Built-In Network Analysis Tools
- Taking Advantage of Public Records
  - Search Engine Caches
  - Accidental Archives
  - Social Snapshots
    - Twitter API
- Zone Transfer Attacks
- Brute Forcing Subdomains
- Dictionary Attacks
- Summary
5. API Analysis
- Endpoint Discovery
- Authentication Mechanisms
- Endpoint Shapes
  - Common Shapes
  - Application-Specific Shapes
- Summary
6. Identifying Third-Party Dependencies
- Detecting Client-Side Frameworks
  - Detecting SPA Frameworks
    - EmberJS
    - Angular
    - React
    - VueJS
  - Detecting JavaScript Libraries
  - Detecting CSS Libraries
- Detecting Server-Side Frameworks
  - Header Detection
  - Default Error Messages and 404 Pages
  - Database Detection
- Summary
7. Identifying Weak Points in Application Architecture
- Secure Versus Insecure Architecture Signals
- Multiple Layers of Security
- Adoption and Reinvention
- Summary
8. Part I Summary
II. Offense
9. Introduction to Hacking Web Applications
- The Hackers Mindset
- Applied Recon
10. Cross-Site Scripting
- XSS Discovery and Exploitation
- Stored XSS
- Reflected XSS
- DOM-Based XSS
- Mutation-Based XSS
- Bypassing Filters
  - Self-Closing HTML Tags
  - Protocol-Relative URLs
  - Malformed Tags
  - Encoding Escapes
  - Polyglot Payloads
- XSS Sinks and Sources
- Summary
11. Cross-Site Request Forgery
- Query Parameter Tampering
- Alternate GET Payloads
- CSRF Against POST Endpoints
- Bypassing CSRF Defenses
  - Header Validation
  - Token Pools
  - Weak Tokens
  - Content Types
  - Regex Filter Bypasses
  - Iframe Payloads
  - AJAX Payloads
  - Zero Interaction Forms
- Summary
12. XML External Entity
- XXE Fundamentals
- Direct XXE
- Indirect XXE
- Out-of-Band Data Exfiltration
- Account Takeover Workflow
  - Obtaining System User Data
  - Obtaining Password Hashes
  - Cracking Password Hashes
  - SSH Remote Login
- Summary
13. Injection
- SQL Injection
- Code Injection
- Command Injection
- Injection Data Exfiltration Techniques
  - Data Exfiltration Fundamentals
  - In-Band Data Exfiltration
  - Out-of-Band Data Exfiltration
  - Inferential Data Exfiltration
- Bypassing Common Defenses
- Summary
14. Denial of Service
- Regex DoS
- Logical DoS Vulnerabilities
- Distributed DoS
- Advanced DoS
  - YoYo Attacks
  - Compression Attacks
  - Proxy-Based DoS
- Summary
15. Attacking Data and Objects
- Mass Assignment
- Insecure Direct Object Reference
- Serialization Attacks
  - Web Serialization Explained
  - Attacking Weak Serialization
- Summary
16. Client-Side Attacks
- Methods of Attacking a Browser Client
  - Client-Targeted Attacks
  - Client-Specific Attacks
- Advantages of Client-Side Attacks
- Prototype Pollution Attacks
  - Understanding Prototype Pollution
  - Attacking with Prototype Pollution
  - Prototype Pollution Archetypes
    - Denial of service
    - Property injection
    - Remote code execution
- Clickjacking Attacks
  - Camera and Microphone Exploit
  - Creating Clickjacking Exploits
- Tabnabbing and Reverse Tabnabbing
  - Traditional Tabnabbing
  - Reverse Tabnabbing
    - DOM API attack
    - HTML link attack
    - Iframe attack
- Summary
17. Exploiting Third-Party Dependencies
- Methods of Integration
  - Branches and Forks
  - Self-Hosted Application Integrations
  - Source Code Integration
- Package Managers
  - JavaScript
  - Java
  - Other Languages
- Common Vulnerabilities and Exposures Database
- Summary
18. Business Logic Vulnerabilities
- Custom Math Vulnerabilities
- Programmed Side Effects
- Quasi-Cash Attacks
- Vulnerable Standards and Conventions
- Exploiting Business Logic Vulnerabilities
- Summary
19. Part II Summary
III. Defense
20. Securing Modern Web Applications
- Defensive Software Architecture
- Comprehensive Code Reviews
- Vulnerability Discovery
- Vulnerability Analysis
- Vulnerability Management
- Regression Testing
- Mitigation Strategies
- Applied Recon and Offense Techniques
- Summary
21. Secure Application Architecture
- Analyzing Feature Requirements
- Authentication and Authorization
  - Secure Sockets Layer and Transport Layer Security
  - Secure Credentials
  - Hashing Credentials
    - BCrypt
    - PBKDF2
  - MFA
- PII and Financial Data
- Search Engines
- Zero Trust Architecture
  - The History of Zero Trust
  - Implicit Versus Explicit Trust
  - Authentication and Authorization
- Summary
22. Secure Application Configuration
- Content Security Policy
  - Implementing CSP
  - CSP Structure
  - Important Directives
  - CSP Sources and Source Lists
  - Strict CSP
  - Example Secure CSP Policy
- Cross-Origin Resource Sharing
  - Types of CORS Requests
  - Simple CORS Requests
  - Preflighted CORS Requests
  - Implementing CORS
- Headers
  - Strict Transport Security
  - Cross-Origin-Opener Policy (COOP)
  - Cross-Origin-Resource-Policy (CORP)
  - Headers with Security Implications
  - Legacy Security Headers
- Cookies
  - Creating and Securing Cookies
  - Testing Cookies
- Framing and Sandboxing
  - Traditional Iframe
  - Web Workers
  - Subresource Integrity
  - Shadow Realms
- Summary
23. Secure User Experience
- Information Disclosures and Enumeration
  - Information Disclosures
  - Enumeration
- Secure User Experience Best Practices
- Summary
24. Threat Modeling Applications
- Designing an Effective Threat Model
- Threat Modeling by Example
  - Logic Design
  - Technical Design
  - Threat Identification (Threat Actors)
  - Threat Identification (Attack Vectors)
  - Identifying Mitigations
  - Delta Identification
- Summary
25. Reviewing Code for Security
- How to Start a Code Review
- Archetypical Vulnerabilities Versus Business Logic Vulnerabilities
- Where to Start a Security Review
- Secure-Coding Anti-Patterns
  - Blocklists
  - Boilerplate Code
  - Trust-by-Default
  - Client/Server Separation
- Summary
26. Vulnerability Discovery
- Security Automation
  - Static Analysis
  - Dynamic Analysis
  - Vulnerability Regression Testing
- Responsible Disclosure Programs
- Bug Bounty Programs
- Third-Party Penetration Testing
- Summary
27. Vulnerability Management
- Reproducing Vulnerabilities
- Ranking Vulnerability Severity
- Common Vulnerability Scoring System
  - CVSS: Base Scoring
  - CVSS: Temporal Scoring
  - CVSS: Environmental Scoring
- Advanced Vulnerability Scoring
- Beyond Triage and Scoring
- Summary
28. Defending Against XSS Attacks
- Anti-XSS Coding Best Practices
- Sanitizing User Input
  - DOMParser Sink
  - SVG Sink
  - Blob Sink
  - Sanitizing Hyperlinks
  - HTML Entity Encoding
- CSS XSS
- Content Security Policy for XSS Prevention
  - Script Source
  - Unsafe Eval and Unsafe Inline
  - Implementing a CSP
- Summary
29. Defending Against CSRF Attacks
- Header Verification
- CSRF Tokens
- Anti-CRSF Coding Best Practices
  - Stateless GET Requests
  - Application-Wide CSRF Mitigation
    - Anti-CSRF middleware
- Summary
30. Defending Against XXE
- Evaluating Other Data Formats
- Advanced XXE Risks
- Summary
31. Defending Against Injection
- Mitigating SQL Injection
  - Detecting SQL Injection
  - Prepared Statements
  - Database-Specific Defenses
- Generic Injection Defenses
  - Potential Injection Targets
  - Principle of Least Authority
  - Allowlisting Commands
- Summary
32. Defending Against DoS
- Protecting Against Regex DoS
- Protecting Against Logical DoS
- Protecting Against DDoS
- Summary
33. Defending Data and Objects
- Defending Against Mass Assignment
  - Validation and Allowlisting
  - Data Transfer Objects
- Defending Against IDOR
- Defending Against Serialization Attacks
- Summary
34. Defense Against Client-Side Attacks
- Defending Against Prototype Pollution
  - Key Sanitization
  - Prototype Freezing
  - Null Prototypes
- Defending Against Clickjacking
  - Frame Ancestors
  - Framebusting
- Defending Against Tabnabbing
  - Cross-Origin-Opener Policy
  - Link Blockers
- Isolation Policies
- Summary
35. Securing Third-Party Dependencies
- Evaluating Dependency Trees
  - Modeling a Dependency Tree
  - Dependency Trees in the Real World
  - Automated Evaluation
- Secure Integration Techniques
  - Separation of Concerns
  - Secure Package Management
- Summary
36. Mitigating Business Logic Vulnerabilities
- Architecture-Level Mitigations
- Statistical Modeling
  - Modeling Inputs
  - Modeling Actions
  - Model Development
  - Model Analysis
- Summary
37. Part III Summary
Conclusion
- The History of Software Security
- Recon
- Offense
- Defense
- More to Learn
Index