Web Hacking from the Inside Out

Overview

Covering new technologies used to search for vulnerabilities on websites from a hacker's point of view, this book on Web security and optimization provides illustrated, practical examples such as attacks on click counters, flooding, forged parameters passed to the server, password attacks, and DoS and DDoS attacks. Including an investigation of the most secure and reliable solutions to Web security and optimization, this book considers the many utilities used by hackers, explains how to write secure applications, and offers numerous interesting algorithms for developers. The CD included contains programs intended for testing sites for vulnerabilities as well as useful utilities for Web security.


Product Details

  • ISBN-13: 9781931769631
  • Publisher: A-List, LLC
  • Publication date: 1/1/2007
  • Pages: 300
  • Product dimensions: 7.40 (w) x 9.10 (h) x 0.80 (d)

Meet the Author

Michael Flenov is the author of Hackish C++ Games & Demos, Hackish C++ Pranks & Tricks, Hackish PC Pranks & Cracks, and Hackish PHP Pranks & Tricks.


Table of Contents


Introduction
Elements Left Out
Acknowledgments
Security Fundamentals
Social Engineering
Fundamentals of Hacker Attacks
Reconnaissance
Identifying the Server's Operating System
Exploits
Automation
Breaking into a Web Server
Using a Search Service to Break into a Web Server
Searching for Indexed Secrets
Searching for Vulnerable Sites
Brute-Force Attacks
Trojan Horses
Denial-of-Service Attacks
Distributed Denial-of-Service Attacks
Cracking Passwords
Specific User Rights
Complex Defenses
Protecting a Web Server
Supplementary Modules
The mod_security Module
The mod_rewrite Module
Access Privileges
Script Rights in the System
Database Server Access Rights
Remote Connection Rights
Script File Access Rights
Strong Passwords
The Situation Is Not Hopeless
No Such Thing as Bug-Free Software
Do-It-Yourself Software
Custom-Built Software
Off-the-Shelf Open-Source Solutions
Simple Break-Ins
Jacking Up Voting Results
Vote-Padding Method #1
Vote-Padding Method #2
Vote-Padding Method #3
Protecting against Vote Padding
Flood Attack
Flood Defense
Registration Flooding
Dangerous Newsletter Subscription
PHP Hacks
File Access Blunders
A Real-Life Error
An include Function Error
Code Injection
The phpBB Forum
A Lean Site is a Safe Site
Automatically Registered Variables
The Get Method
The Post Method
Parameter Vulnerability
The Cookie Method
Initializing Variables
Program Modules
Configuration Files
Intermediate Modules
Hidden Functions
Checking Parameters
The Problem with Regular Expressions
Perl Regular Expressions
Environment Variables
SQL Injection and PHP
Random Shooting
Anatomy of an Error
Collecting Information
Using the Vulnerability
Gaining Access to the File System
Looking for a Vulnerability
Dangerous Percent Sign
Potential Problems
A Little Practice
Web Server Protection against SQL Injection
Configuring PHP
Different Database Servers
Recommendations
Break-In Practice
Disguised PHP Scripts
Macromedia ColdFusion
System Hacks
Calling System Commands
Protecting against Commands Execution
Uploading Files
Verifying Image Files
Verifying Text Files
Saving Uploaded Files to a Database
Accessing the File System
Uploading Hacker Tools
The eval Function
SQL Injection and ASP
Breaking into ASP and Microsoft SQL Server
Specifics of Hacking Microsoft SQL Server
Dangerous Procedures
The xp_cmdshell Procedure
The sp_who Procedure
The sp_help Procedure
The sp_adduser Procedure
The sp_grantdbaccess Procedure
The sp_dropuser Procedure
The sp_helpuser Procedure
The xp_terminate_process Procedure
Managing Access Privileges
Dangerous Queries
Strengthening Microsoft SQL Server Security
Main Perl Errors
Referencing the File System
SQL Injection
The system Function
Including Files
DoS Attacks
Sluggish Queries
Optimizing Database Operations
Optimizing Queries
Optimizing Databases
Selecting Necessary Data
Summary
Optimizing PHP
Buffering Output
Caching Pages
Locks
Other Resources
Authentication and Authorization
Web Server Authentication
Custom Authentication System
Cross-Site Scripting
XSS Basics
Appropriating Data
Conclusion
CD-ROM Contents
Index