Hacking Exposed Web 2.0 Lock down next-generation

文件名称: Hacking Exposed Web 2.0

所属分类: Web开发

开发工具:

文件大小: 6mb

下载次数: 0

上传时间: 2009-07-16

提供者: szh****

下载 (6mb)

不能下载？报告错误

详细说明： Lock down next-generation Web services “This book concisely identifies the types of attacks which are faced daily by Web 2.0 sites, and the authors give solid, practical advice on how to identify and mitigate these threats.” –Max Kelly, CISSP, CIPP, CFCE, Senio r Director of Security, Facebook Protect your Web 2.0 architecture against the latest wave of cybercrime using expert tactics from Internet security professionals. Hacking Exposed Web 2.0 shows how hackers perform reconnaissance, choose their entry point, and attack Web 2.0-based services, and reveals detailed countermeasures and defense techniques. You’ll learn how to avoid injection and buffer overflow attacks, fix browser and plug-in flaws, and secure AJAX, Flash, and XML-driven applications. Real-world case studies illustrate social networking site weaknesses, cross-site attack methods, migration vulnerabilities, and IE7 shortcomings. Plug security holes in Web 2.0 implementations the proven Hacking Exposed way Learn how hackers target and abuse vulnerable Web 2.0 applications, browsers, plug-ins, online databases, user inputs, and HTML forms Prevent Web 2.0-based SQL, XPath, XQuery, LDAP, and command injection attacks Circumvent XXE, directory traversal, and buffer overflow exploits Learn XSS and Cross-Site Request Forgery methods attackers use to bypass browser security controls Fix vulnerabilities in Outlook Express and Acrobat Reader add-ons Use input validators and XML classes to reinforce ASP and .NET security Eliminate unintentional exposures in ASP.NET AJAX (Atlas), Direct Web Remoting, Sajax, and GWT Web applications Mitigate ActiveX security exposures using SiteLock, code signing, and secure controls Find and fix Adobe Flash vulnerabilities and DNS rebinding attacks About the Author Rich Cannings is a senior information security engineer at Google. Himanshu Dwivedi is a founding partner of iSEC Partners, an information security organization, and the author of several security books. Zane Lackey is a senior security consultant with iSEC Partners. ...展开收缩

(系统自动生成,下载前可以参看下载内容)