Want to secure your web server and applications without reading a 1,500-page book? Want a quick, handy reference to web port numbers, IIS metabase settings, even "War-Googling" search terms? You've got it.
This not-quite-pocket-size book, barely 175 pages long, distills the essence of web security remarkably well. Foundstone principal consultant (and Hacking Exposed Web Applications coauthor) Mike Shema manages to summarize today's most important hacking techniques, attacks, and penetration methodologies, and to provide systematic guidance on tactical countermeasures, host assessment, and hardening, for both Apache and IIS.
Here are quick, to-the-point explanations of cross-site scripting attacks, as well as SQL injection attacks against SQL Server, Oracle, MySQL, and PostgreSQL platforms. Here's an overview of the new security issues that arise when you deploy XML-based web services, as well as exploits that identify application vulnerabilities based on logical errors, semantic flaws, or weak encryption. Here's coverage of implementing robust Perl-based input validation.
Here, too, is a complete platform assessment methodology that incorporates the use of vulnerability scanners like Whisker, Nikto, and Nessus, and assessment tools like Achilles, WebProxy, and Curl. Here's a comprehensive chapter on web server assessment and hardening checklists. And, not least, here's a 24-page "Reference Center" covering everything from input validation tests to HTTP protocol request methods. Whatever other web security books you own, we think you'll turn to this one first -- and be pleasantly surprised by just how often you find what you're looking for.

Bill Camarda
Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks for Dummies, Second Edition.