Synopsis
There is no doubt that web application security is a current and newsworthy subject. For all concerned, the stakes are high: for businesses that derive increasing revenue from Internet commerce, for users who trust web applications with sensitive information, and for criminals who can make big money by stealing payment details or compromising bank accounts. Reputation plays a critical role. Few people want to do business with an insecure website, so few organizations want to disclose details about their own security vulnerabilities or breaches. Hence, it is not a trivial task to obtain reliable information about the state of web application security today.
This chapter takes a brief look at how web applications have evolved and the many benefits they provide. We present some metrics about vulnerabilities in current web applications, drawn from the authors’ direct experience, demonstrating that the majority of applications are far from secure. We describe the core security problem facing web applications — that users can supply arbitrary input — and the various factors that contribute to their weak security posture. Finally, we describe the latest trends in web application security and how these may be expected to develop in the near future.
Contents
- Web Application (In)security
- Core Defense Mechanisms
- Web Application Technologies
- Mapping the Application
- Bypassing Client-Side Controls
- Attacking Authentication
- Attacking Session Management
- Attacking Access Controls
- Attacking Data Stores
- Attacking Back-End Components
- Attacking Application Logic
- Attacking Users: Cross-Site Scripting
- Attacking Users: Other Techniques
- Automating Customized Attacks
- Exploiting Information Disclosure
- Attacking Native Compiled Applications
- Attacking Application Architecture
- Attacking the Application Server
- Finding Vulnerabilities in Source Code
- A Web Application Hacker’s Toolkit
- A Web Application Hacker’s Methodology