Hacking the Code: Auditor's Guide to Writing Secure Code for the Web

by Mark Burnett

Hardcover

$54.95 
Overview

Hacking the Code has over 400 pages of dedicated exploit, vulnerability, and tool code with corresponding instruction. Unlike other security and programming books that dedicate hundreds of pages to architecture and theory-based flaws and exploits, Hacking the Code dives right into deep code analysis. Previously undisclosed security research, combined with superior programming techniques from Foundstone and other respected organizations, is included in both the Local and Remote Code sections of the book.

The book is accompanied with a FREE COMPANION CD containing both commented and uncommented versions of the source code examples presented throughout the book. In addition to the book source code, the CD also contains a copy of the author-developed Hacker Code Library v1.0. The Hacker Code Library includes multiple attack classes and functions that can be utilized to quickly create security programs and scripts. These classes and functions simplify exploit and vulnerability tool development to an extent never before possible with publicly available software.


Product Details

ISBN-13: 9781932266658
Publisher: Elsevier Science
Publication date: 04/24/2004
Pages: 550
Product dimensions: 7.00(w) x 9.00(h) x (d)

Table of Contents

Chapter 1 Managing Users

Introduction

Understanding the Threats

Establishing User Credentials

Enforcing Strong Passwords

Avoiding Easily Guessed Credentials

Preventing Credential Harvesting

Limiting Idle Accounts

Managing Passwords

Storing Passwords

Password Aging and Histories

Changing Passwords

Resetting Lost or Forgotten Passwords

Resetting Passwords

Sending Information Via E-Mail

Assigning Temporary Passwords

Using Secret Questions

Empowering Users

Educating Users

Involving Users

Coding Standards Fast Track

Establishing User Credentials

Managing Passwords

Resetting Lost or Forgotten Passwords

Empowering Users

Code Audit Fast Track

Establishing User Credentials

Managing Passwords

Resetting Lost or Forgotten Passwords

Empowering Users

Frequently Asked Questions

Chapter 2 Authenticating and Authorizing Users

Introduction

Understanding the Threats

Authenticating Users

Building Login Forms

Using Forms Authentication

Using Windows Authentication

Using Passport Authentication

Blocking Brute-Force Attacks

Authorizing Users

Deciding How to Authorize

Employing File Authorization

Applying URL Authorization

Authorizing Users Through Code

Coding Standards Fast Track

Authenticating Users

Authorizing Users

Code Audit Fast Track

Authenticating Users

Authorizing Users

Frequently Asked Questions

Chapter 3 Managing Sessions

Introduction

Session Tokens

Authentication Tokens

Understanding the Threats

Maintaining State

Designing a Secure Token

Selecting a Token Mechanism

Using State Providers

Using ASP.NET Tokens

Using Cookies

Working with View State

Enhancing ASP.NET State Management

Creating Tokens

Terminating Sessions

Coding Standards Fast Track

Maintaining State

Using ASP.NET Tokens

Enhancing ASP.NET State Management

Code Audit Fast Track

Maintaining State

Using ASP.NET Tokens

Enhancing ASP.NET State Management

Frequently Asked Questions

Chapter 4 Encrypting Private Data

Introduction

Using Cryptography in ASP.NET

Employing Symmetric Cryptography

Using Asymmetric Cryptography

Working with Hashing Algorithms

Working with .NET Encryption Features

Creating Random Numbers

Keeping Memory Clean

Protecting Secrets

Protecting Communications with SSL

Coding Standards Fast Track

Using Cryptography in ASP.NET

Working with .NET Encryption Features

Code Audit Fast Track

Using Cryptography in ASP.NET

Working with .NET Encryption Features

Frequently Asked Questions

Chapter 5 Filtering User Input

Introduction

Handling Malicious Input

Identifying Input Sources

Programming Defensively

Constraining Input

Bounds Checking

Pattern Matching

Data Reflecting

Encoding Data

Encapsulating

Parameterizing

Double Decoding

Syntax Checking

Exception Handling

Honey Drops

Limiting Exposure to Malicious Input

Reducing the Attack Surface

Limiting Attack Scope

Hardening Server Applications

Coding Standards Fast Track

Handling Malicious Input

Constraining Input

Limiting Exposure to Malicious Input

Code Audit Fast Track

Handling Malicious Input

Limiting Exposure to Malicious Input

Frequently Asked Questions

Chapter 6 Accessing Data

Introduction

Securing Databases

Securing the Database Location

Limiting the Attack Surface

Ensuring Least Privilege

Securing the Database

Writing Secure Data Access Code

Connecting to the Data Source

Preventing SQL Injection

Writing Secure SQL Code

Reading and Writing to Data Files

Coding Standards Fast Track

Securing Database Drivers

Securing Databases

Writing Secure Data Access Code

Code Audit Fast Track

Securing Database Drivers

Securing the Database

Writing Secure Data Access Code

Frequently Asked Questions

Chapter 7 Developing Secure ASP.NET Applications

Introduction

Understanding the Threats

Writing Secure HTML

Constructing Safe HTML

Preventing Information Leaks

Handling Exceptions

Using Structured Error Handling

Reporting and Logging Errors

Coding Standards Fast Track

Writing Secure HTML

Handling Exceptions

Code Audit Fast Track

Writing Secure HTML

Handling Exceptions

Frequently Asked Questions

Chapter 8 Securing XML

Introduction

Applying XML Encryption

Encrypting XML Data

Applying XML Digital Signatures

Signing XML Data

Coding Standards Fast Track

Applying XML Encryption

Applying XML Digital Signatures

Coding Audit Fast Track

Applying XML Encryption

Applying XML Digital Signatures

Frequently Asked Questions

Appendix A Understanding .NET Security

Introduction

Permissions

Principal

Authentication

Authorization

Security Policy

Type Safety

Code Access Security

.NET Code Access Security Model

Role-Based Security

Principals

Role-Based Security Checks

Security Policies

Creating a New Permission Set

Modifying the Code Group Structure

Remoting Security

Cryptography

Security Tools

Summary

Security Fast Track

Frequently Asked Questions

Appendix B Glossary of Web Application Security Threats

Index
