Hacking the Code: Auditor's Guide to Writing Secure Code for the Web
Hacking the Code has over 400 pages of dedicated exploit, vulnerability, and tool code with corresponding instruction. Unlike other security and programming books that dedicate hundreds of pages to architecture and theory based flaws and exploits, Hacking the Code dives right into deep code analysis. Previously undisclosed security research in combination with superior programming techniques from Foundstone and other respected organizations is included in both the Local and Remote Code sections of the book. The book is accompanied with a FREE COMPANION CD containing both commented and uncommented versions of the source code examples presented throughout the book. In addition to the book source code, the CD also contains a copy of the author-developed Hacker Code Library v1.0. The Hacker Code Library includes multiple attack classes and functions that can be utilized to quickly create security programs and scripts. These classes and functions simplify exploit and vulnerability tool development to an extent never before possible with publicly available software. - Learn to quickly create security tools that ease the burden of software testing and network administration - Find out about key security issues regarding vulnerabilities, exploits, programming flaws, and secure code development - Discover the differences in numerous types of web-based attacks so that developers can create proper quality assurance testing procedures and tools - Learn to automate quality assurance, management, and development tasks and procedures for testing systems and applications - Learn to write complex Snort rules based solely upon traffic generated by network tools and exploits
1100695601
Hacking the Code: Auditor's Guide to Writing Secure Code for the Web
Hacking the Code has over 400 pages of dedicated exploit, vulnerability, and tool code with corresponding instruction. Unlike other security and programming books that dedicate hundreds of pages to architecture and theory based flaws and exploits, Hacking the Code dives right into deep code analysis. Previously undisclosed security research in combination with superior programming techniques from Foundstone and other respected organizations is included in both the Local and Remote Code sections of the book. The book is accompanied with a FREE COMPANION CD containing both commented and uncommented versions of the source code examples presented throughout the book. In addition to the book source code, the CD also contains a copy of the author-developed Hacker Code Library v1.0. The Hacker Code Library includes multiple attack classes and functions that can be utilized to quickly create security programs and scripts. These classes and functions simplify exploit and vulnerability tool development to an extent never before possible with publicly available software. - Learn to quickly create security tools that ease the burden of software testing and network administration - Find out about key security issues regarding vulnerabilities, exploits, programming flaws, and secure code development - Discover the differences in numerous types of web-based attacks so that developers can create proper quality assurance testing procedures and tools - Learn to automate quality assurance, management, and development tasks and procedures for testing systems and applications - Learn to write complex Snort rules based solely upon traffic generated by network tools and exploits
53.95 In Stock
Hacking the Code: Auditor's Guide to Writing Secure Code for the Web

Hacking the Code: Auditor's Guide to Writing Secure Code for the Web

by Mark Burnett
Hacking the Code: Auditor's Guide to Writing Secure Code for the Web
Add to Wishlist
Hacking the Code: Auditor's Guide to Writing Secure Code for the Web

Hacking the Code: Auditor's Guide to Writing Secure Code for the Web

by Mark Burnett

Overview

Hacking the Code has over 400 pages of dedicated exploit, vulnerability, and tool code with corresponding instruction. Unlike other security and programming books that dedicate hundreds of pages to architecture and theory based flaws and exploits, Hacking the Code dives right into deep code analysis. Previously undisclosed security research in combination with superior programming techniques from Foundstone and other respected organizations is included in both the Local and Remote Code sections of the book. The book is accompanied with a FREE COMPANION CD containing both commented and uncommented versions of the source code examples presented throughout the book. In addition to the book source code, the CD also contains a copy of the author-developed Hacker Code Library v1.0. The Hacker Code Library includes multiple attack classes and functions that can be utilized to quickly create security programs and scripts. These classes and functions simplify exploit and vulnerability tool development to an extent never before possible with publicly available software. - Learn to quickly create security tools that ease the burden of software testing and network administration - Find out about key security issues regarding vulnerabilities, exploits, programming flaws, and secure code development - Discover the differences in numerous types of web-based attacks so that developers can create proper quality assurance testing procedures and tools - Learn to automate quality assurance, management, and development tasks and procedures for testing systems and applications - Learn to write complex Snort rules based solely upon traffic generated by network tools and exploits

Product Details

ISBN-13: 9780080478173
Publisher: Syngress Publishing
Publication date: 05/10/2004
Sold by: Barnes & Noble
Format: eBook
Pages: 550
File size: 14 MB
Note: This product may take a few minutes to download.

Table of Contents

Chapter 1 Managing Users Introduction Understanding the Threats Establishing User Credentials Enforcing Strong Passwords Avoiding Easily Guessed Credentials Preventing Credential Harvesting Limiting Idle Accounts Managing Passwords Storing Passwords Password Aging and Histories Changing Passwords Resetting Lost or Forgotten Passwords Resetting Passwords Sending Information Via E-Mail Assigning Temporary Passwords Using Secret Questions Empowering Users Educating Users Involving Users Coding Standards Fast Track Establishing User Credentials Managing Passwords Resetting Lost or Forgotten Passwords Empowering Users Code Audit Fast Track Establishing User Credentials Managing Passwords Resetting Lost or Forgotten Passwords Empowering Users Frequently Asked QuestionsChapter 2 Authenticating and Authorizing Users Introduction Understanding the Threats Authenticating Users Building Login Forms Using Forms Authentication Using Windows Authentication Using Passport Authentication Blocking Brute-Force Attacks Authorizing Users Deciding How to Authorize Employing File Authorization Applying URL Authorization Authorizing Users Through Code Coding Standards Fast Track Authenticating Users Authorizing Users Code Audit Fast Track Authenticating Users Authorizing Users Frequently Asked QuestionsChapter 3 Managing Sessions Introduction Session Tokens Authentication Tokens Understanding the Threats Maintaining State Designing a Secure Token Selecting a Token Mechanism Using State Providers Using ASP.NET Tokens Using Cookies Working with View State Enhancing ASP.NET State Management Creating Tokens Terminating Sessions Coding Standards Fast Track Maintaining State Using ASP.NET Tokens Enhancing ASP.NET State Management Code Audit Fast Track Maintaining State Using ASP.NET Tokens Enhancing ASP.NET State Management Frequently Asked QuestionsChapter 4 Encrypting Private Data Introduction Using Cryptography in ASP.NET Employing Symmetric Cryptography Using Asymmetric Cryptography Working with Hashing Algorithms Working with .NET Encryption Features Creating Random Numbers Keeping Memory Clean Protecting Secrets Protecting Communications with SSL Coding Standards Fast Track Using Cryptography in ASP.NET Working with .NET Encryption Features Code Audit Fast Track Using Cryptography in ASP.NET Working with .
From the B&N Reads Blog
Page 1 of

Related Subjects

Computers
Internet & World Wide Web
Computers - General & Miscellaneous
Computer Programming
Web Programming/Development
Software Engineering
Computer Security
Network Programming
Web Application Development
Microsoft .NET
General Software Engineering
ASP.NET
Software engineering->Security measures
Computers
Internet & World Wide Web
Computers - General & Miscellaneous
Computer Programming
Web Programming/Development
Software Engineering
Computer Security
Network Programming
Web Application Development
Microsoft .NET
General Software Engineering
ASP.NET

Customer Reviews