Web Application Defender's Cookbook: Battling Hackers and Protecting Users [NOOK Book]


100+ recipes to improve your defenses

Are your web applications secure? Do you know how to lock down new web applications when they are placed into production? Do you know if attackers are trying to break into your site and steal data or cause other harm? The solutions in this book provide answers to these critical questions and increase your ability to thwart malicious activity within your web applications.

Each recipe includes background data explaining how the attack works, an ingredients list, and step-by-step directions. You'll learn how to prepare for attacks, analyze web transactions for malicious activity, and respond with the best solutions. ModSecurity, a versatile, open source web application firewall module for Apache, Microsoft IIS, and Nginx web server platforms, is used to demonstrate each defensive technique.

Learn to:

  • Implement full HTTP auditing for incident response
  • Utilize virtual patching processes to remediate identified vulnerabilities
  • Deploy web tripwires (honeytraps) to identify malicious users
  • Detect when users are acting abnormally
  • Analyze uploaded files and web content for malware
  • Recognize when web applications leak sensitive user or technical data
  • Respond to attacks with varying levels of force

Product Details

  • ISBN-13: 9781118417058
  • Publisher: Wiley
  • Publication date: 1/4/2013
  • Sold by: Barnes & Noble
  • Format: eBook
  • Edition number: 1
  • Pages: 552
  • File size: 13 MB

Meet the Author

RYAN BARNETT is a Lead Security Researcher in Trustwave's SpiderLabs Team, an advanced security team focused on penetration testing, incident response, and application security. He is the ModSecurity web application firewall project lead, a SANS Institute certified instructor, and a frequent speaker at industry conferences.


Table of Contents

Foreword xix
Introduction xxiii

I Preparing the Battle Space 1

1 Application Fortification 7
  • Recipe 1-1 Real-time Application Profiling 7
  • Recipe 1-2 Preventing Data Manipulation with Cryptographic Hash Tokens 15
  • Recipe 1-3 Installing the OWASP ModSecurity Core Rule Set (CRS) 19
  • Recipe 1-4 Integrating Intrusion Detection System Signatures 33
  • Recipe 1-5 Using Bayesian Attack Payload Detection 38
  • Recipe 1-6 Enable Full HTTP Audit Logging 48
  • Recipe 1-7 Logging Only Relevant Transactions 52
  • Recipe 1-8 Ignoring Requests for Static Content 53
  • Recipe 1-9 Obscuring Sensitive Data in Logs 54
  • Recipe 1-10 Sending Alerts to a Central Log Host Using Syslog 58
  • Recipe 1-11 Using the ModSecurity AuditConsole 60

2 Vulnerability Identification and Remediation 67
  • Recipe 2-1 Passive Vulnerability Identification 70
  • Recipe 2-2 Active Vulnerability Identification 79
  • Recipe 2-3 Manual Scan Result Conversion 88
  • Recipe 2-4 Automated Scan Result Conversion 92
  • Recipe 2-5 Real-time Resource Assessments and Virtual Patching 99

3 Poisoned Pawns (Hacker Traps) 115
  • Recipe 3-1 Adding Honeypot Ports 116
  • Recipe 3-2 Adding Fake robots.txt Disallow Entries 118
  • Recipe 3-3 Adding Fake HTML Comments 123
  • Recipe 3-4 Adding Fake Hidden Form Fields 128
  • Recipe 3-5 Adding Fake Cookies 131

II Asymmetric Warfare 137

4 Reputation and Third-Party Correlation 139
  • Recipe 4-1 Analyzing the Client's Geographic Location Data 141
  • Recipe 4-2 Identifying Suspicious Open Proxy Usage 147
  • Recipe 4-3 Utilizing Real-time Blacklist Lookups (RBL) 150
  • Recipe 4-4 Running Your Own RBL 157
  • Recipe 4-5 Detecting Malicious Links 160

5 Request Data Analysis 171
  • Recipe 5-1 Request Body Access 172
  • Recipe 5-2 Identifying Malformed Request Bodies 178
  • Recipe 5-3 Normalizing Unicode 182
  • Recipe 5-4 Identifying Use of Multiple Encodings 186
  • Recipe 5-5 Identifying Encoding Anomalies 189
  • Recipe 5-6 Detecting Request Method Anomalies 193
  • Recipe 5-7 Detecting Invalid URI Data 197
  • Recipe 5-8 Detecting Request Header Anomalies 200
  • Recipe 5-9 Detecting Additional Parameters 209
  • Recipe 5-10 Detecting Missing Parameters 212
  • Recipe 5-11 Detecting Duplicate Parameter Names 214
  • Recipe 5-12 Detecting Parameter Payload Size Anomalies 216
  • Recipe 5-13 Detecting Parameter Character Class Anomalies 219

6 Response Data Analysis 223
  • Recipe 6-1 Detecting Response Header Anomalies 224
  • Recipe 6-2 Detecting Response Header Information Leakages 234
  • Recipe 6-3 Response Body Access 238
  • Recipe 6-4 Detecting Page Title Changes 240
  • Recipe 6-5 Detecting Page Size Deviations 243
  • Recipe 6-6 Detecting Dynamic Content Changes 246
  • Recipe 6-7 Detecting Source Code Leakages 249
  • Recipe 6-8 Detecting Technical Data Leakages 253
  • Recipe 6-9 Detecting Abnormal Response Time Intervals 256
  • Recipe 6-10 Detecting Sensitive User Data Leakages 259
  • Recipe 6-11 Detecting Trojan, Backdoor, and Webshell Access Attempts 262

7 Defending Authentication 265
  • Recipe 7-1 Detecting the Submission of Common/Default Usernames 266
  • Recipe 7-2 Detecting the Submission of Multiple Usernames 269
  • Recipe 7-3 Detecting Failed Authentication Attempts 272
  • Recipe 7-4 Detecting a High Rate of Authentication Attempts 274
  • Recipe 7-5 Normalizing Authentication Failure Details 280
  • Recipe 7-6 Enforcing Password Complexity 283
  • Recipe 7-7 Correlating Usernames with SessionIDs 286

8 Defending Session State 291
  • Recipe 8-1 Detecting Invalid Cookies 291
  • Recipe 8-2 Detecting Cookie Tampering 297
  • Recipe 8-3 Enforcing Session Timeouts 302
  • Recipe 8-4 Detecting Client Source Location Changes During Session Lifetime 307
  • Recipe 8-5 Detecting Browser Fingerprint Changes During Sessions 314

9 Preventing Application Attacks 323
  • Recipe 9-1 Blocking Non-ASCII Characters 323
  • Recipe 9-2 Preventing Path-Traversal Attacks 327
  • Recipe 9-3 Preventing Forceful Browsing Attacks 330
  • Recipe 9-4 Preventing SQL Injection Attacks 332
  • Recipe 9-5 Preventing Remote File Inclusion (RFI) Attacks 336
  • Recipe 9-6 Preventing OS Commanding Attacks 340
  • Recipe 9-7 Preventing HTTP Request Smuggling Attacks 342
  • Recipe 9-8 Preventing HTTP Response Splitting Attacks 345
  • Recipe 9-9 Preventing XML Attacks 347

10 Preventing Client Attacks 353
  • Recipe 10-1 Implementing Content Security Policy (CSP) 353
  • Recipe 10-2 Preventing Cross-Site Scripting (XSS) Attacks 362
  • Recipe 10-3 Preventing Cross-Site Request Forgery (CSRF) Attacks 371
  • Recipe 10-4 Preventing UI Redressing (Clickjacking) Attacks 377
  • Recipe 10-5 Detecting Banking Trojan (Man-in-the-Browser) Attacks 381

11 Defending File Uploads 387
  • Recipe 11-1 Detecting Large File Sizes 387
  • Recipe 11-2 Detecting a Large Number of Files 389
  • Recipe 11-3 Inspecting File Attachments for Malware 390

12 Enforcing Access Rate and Application Flows 395
  • Recipe 12-1 Detecting High Application Access Rates 395
  • Recipe 12-2 Detecting Request/Response Delay Attacks 405
  • Recipe 12-3 Identifying Inter-Request Time Delay Anomalies 411
  • Recipe 12-4 Identifying Request Flow Anomalies 413
  • Recipe 12-5 Identifying a Significant Increase in Resource Usage 414

III Tactical Response 419

13 Passive Response Actions 421
  • Recipe 13-1 Tracking Anomaly Scores 421
  • Recipe 13-2 Trap and Trace Audit Logging 427
  • Recipe 13-3 Issuing E-mail Alerts 428
  • Recipe 13-4 Data Sharing with Request Header Tagging 436

14 Active Response Actions 441
  • Recipe 14-1 Using Redirection to Error Pages 442
  • Recipe 14-2 Dropping Connections 445
  • Recipe 14-3 Blocking the Client Source Address 447
  • Recipe 14-4 Restricting Geolocation Access Through Defense Condition (DefCon) Level Changes 452
  • Recipe 14-5 Forcing Transaction Delays 455
  • Recipe 14-6 Spoofing Successful Attacks 462
  • Recipe 14-7 Proxying Traffic to Honeypots 468
  • Recipe 14-8 Forcing an Application Logout 471
  • Recipe 14-9 Temporarily Locking Account Access 476

15 Intrusive Response Actions 479
  • Recipe 15-1 JavaScript Cookie Testing 479
  • Recipe 15-2 Validating Users with CAPTCHA Testing 481
  • Recipe 15-3 Hooking Malicious Clients with BeEF 485

Index 495
