Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast

Portada
"O'Reilly Media, Inc.", 14 oct. 2008 - 314 páginas
4 Reseñas

Among the tests you perform on web applications, security testing is perhaps the most important, yet it's often the most neglected. The recipes in the Web Security Testing Cookbook demonstrate how developers and testers can check for the most common web security issues, while conducting unit tests, regression tests, or exploratory tests. Unlike ad hoc security assessments, these recipes are repeatable, concise, and systematic-perfect for integrating into your regular test suite.

Recipes cover the basics from observing messages between clients and servers to multi-phase tests that script the login and execution of web application features. By the end of the book, you'll be able to build tests pinpointed at Ajax functions, as well as large multi-step tests for the usual suspects: cross-site scripting and injection attacks. This book helps you:

  • Obtain, install, and configure useful-and free-security testing tools
  • Understand how your application communicates with users, so you can better simulate attacks in your tests
  • Choose from many different methods that simulate common attacks such as SQL injection, cross-site scripting, and manipulating hidden form fields
  • Make your tests repeatable by using the scripts and examples in the recipes as starting points for automated tests

Don't live in dread of the midnight phone call telling you that your site has been hacked. With Web Security Testing Cookbook and the free tools used in the book's examples, you can incorporate security coverage into your test suite, and sleep in peace.

 

Comentarios de usuarios - Escribir una reseña

No hemos encontrado ninguna reseña en los lugares habituales.

Índice

Chapter 1 Introduction
1
Chapter 2 Installing Some Free Tools
17
Chapter 3 Basic Observation
31
Chapter 4 WebOriented Data Encoding
55
Chapter 5 Tampering with Input
73
Chapter 6 Automated Bulk Scanning
101
Chapter 7 Automating Specific Tasks with cURL
125
Chapter 8 Automating with LibWWWPerl
153
Chapter 9 Seeking Design Flaws
177
Chapter 10 Attacking AJAX
197
Chapter 11 Manipulating Sessions
215
Chapter 12 Multifaceted Tests
237
Index
269
Página de créditos

Otras ediciones - Ver todo

Términos y frases comunes

Información bibliográfica