Ebook: Hacking Exposed™ Web applications: Web application security secrets and solutions

The latest Web app attacks and countermeasures from world-renowned practitioners Protect your Web applications from malicious attacks by mastering the weapons and thought processes of today's hacker. Written by recognized security practitioners and thought leaders, Hacking Exposed Web Applications, Third Edition is fully updated to cover new infiltration methods and countermeasures. Find out how to reinforce authentication and authorization, plug holes in Firefox and IE, reinforce against injection attacks, and secure Web 2.0 features. Integrating security into the Web development lifecycle (SDL) and into the broader enterprise information security program is also covered in this comprehensive resource. • Get full details on the hacker's footprinting, scanning, and profiling tools, including SHODAN, Maltego, and OWASP DirBuster • See new exploits of popular platforms like Sun Java System Web Server and Oracle WebLogic in operation • Understand how attackers defeat commonly used Web authentication technologies • See how real-world session attacks leak sensitive data and how to fortify your applications • Learn the most devastating methods used in today's hacks, including SQL injection, XSS, XSRF, phishing, and XML injection techniques • Find and fix vulnerabilities in ASP.NET, PHP, and J2EE execution environments • Safety deploy XML, social networking, cloud computing, and Web 2.0 services • Defend against RIA, Ajax, UGC, and browser-based, client-side exploits • Implement scalable threat modeling, code review, application scanning, fuzzing, and security testing procedures

---

This fully updated bestseller covers the latest web application exploitation techniques and their proven countermeasures Hacking Exposed: Web Applications, Third Edition shows you how to meet the challenges of online security with the two-pronged "attack-countermeasure" approach. The Third Edition provides leading-edge updates to exploitation techniques, as well as new chapters covering industry-wide threats and countermeasures, such as web application hacking, phishing, and preventative website development practices. This definitive guide is organized according to the internationally bestselling Hacking Exposed methodology, progressing from reconnaissance of the target through exploitation of common misconfigurations and software flaws. Anecdotes and personal experiences are interspersed throughout to reinforce the relevance and severity of specific vulnerabilities. Based on the author’s many years as a security professional hired to break into the world’s largest IT infrastructures, the techniques presented in this book will improve the security of online business. Hacking Exposed: Web Applications, Third Edition Covers new web application and phishing techniques as well as best practices in preventing web attacks Includes new case studies and examples based on author’s expertise working with global clients Offers seasoned insight into the core security issues that plague online business platforms of all sizes Provides proven strategies to prevent, detect, and remediate common weaknesses and maintain rock-solid security for the long term All-inclusive coverage: Hacking Web Apps 101; Profiling; Hacking Web Platforms; Attacking Web Authentication; Attacking Session Management; Input Injection Attacks; Attacking XML Web Services; Attacking Web Application Development; Hacking Web Client; Full-Knowledge Analysis; Web Application Security Scanners; Web Site Security Checklist Review of Previous Edition “A great addition to an arsenal to find, exploit, and overcome Web security issues. Suitable for developers and analysts alike, it will unveil the myriad of techniques your adversaries may employ.” -- Heather Adkins, Google Security