Web Application Security: Exploitation and Countermeasures for Modern Web Applications [1 ed.] 9781492053118, 9781492087960

Table of contents :
Cover
NGINX
Copyright
Table of Contents
Foreword
Preface
Prerequisite Knowledge and Learning Goals
Suggested Background
Minimum Required Skills
Who Benefits Most from Reading This Book?
Software Engineers and Web Application Developers
General Learning Goals
Security Engineers, Pen Testers, and Bug Bounty Hunters
How Is This Book Organized?
Recon
Offense
Defense
Language and Terminology
Summary
Conventions Used in This Book
O’Reilly Online Learning
How to Contact Us
Chapter 1. The History of Software Security
The Origins of Hacking
The Enigma Machine, Circa 1930
Automated Enigma Code Cracking, Circa 1940
Introducing the “Bombe”
Telephone “Phreaking,” Circa 1950
Anti-Phreaking Technology, Circa 1960
The Origins of Computer Hacking, Circa 1980
The Rise of the World Wide Web, Circa 2000
Hackers in the Modern Era, Circa 2015+
Summary
Part I. Recon
Chapter 2. Introduction to Web Application Reconnaissance
Information Gathering
Web Application Mapping
Summary
Chapter 3. The Structure of a Modern Web Application
Modern Versus Legacy Web Applications
REST APIs
JavaScript Object Notation
JavaScript
Variables and Scope
Functions
Context
Prototypal Inheritance
Asynchrony
Browser DOM
SPA Frameworks
Authentication and Authorization Systems
Authentication
Authorization
Web Servers
Server-Side Databases
Client-Side Data Stores
Summary
Chapter 4. Finding Subdomains
Multiple Applications per Domain
The Browser’s Built-In Network Analysis Tools
Taking Advantage of Public Records
Search Engine Caches
Accidental Archives
Social Snapshots
Zone Transfer Attacks
Brute Forcing Subdomains
Dictionary Attacks
Summary
Chapter 5. API Analysis
Endpoint Discovery
Authentication Mechanisms
Endpoint Shapes
Common Shapes
Application-Specific Shapes
Summary
Chapter 6. Identifying Third-Party Dependencies
Detecting Client-Side Frameworks
Detecting SPA Frameworks
Detecting JavaScript Libraries
Detecting CSS Libraries
Detecting Server-Side Frameworks
Header Detection
Default Error Messages and 404 Pages
Database Detection
Summary
Chapter 7. Identifying Weak Points in Application Architecture
Secure Versus Insecure Architecture Signals
Multiple Layers of Security
Adoption and Reinvention
Summary
Chapter 8. Part I Summary
Part II. Offense
Chapter 9. Introduction to Hacking Web Applications
The Hacker’s Mindset
Applied Recon
Chapter 10. Cross-Site Scripting (XSS)
XSS Discovery and Exploitation
Stored XSS
Reflected XSS
DOM-Based XSS
Mutation-Based XSS
Summary
Chapter 11. Cross-Site Request Forgery (CSRF)
Query Parameter Tampering
Alternate GET Payloads
CSRF Against POST Endpoints
Summary
Chapter 12. XML External Entity (XXE)
Direct XXE
Indirect XXE
Summary
Chapter 13. Injection
SQL Injection
Code Injection
Command Injection
Summary
Chapter 14. Denial of Service (DoS)
regex DoS (ReDoS)
Logical DoS Vulnerabilities
Distributed DoS
Summary
Chapter 15. Exploiting Third-Party Dependencies
Methods of Integration
Branches and Forks
Self-Hosted Application Integrations
Source Code Integration
Package Managers
JavaScript
Java
Other Languages
Common Vulnerabilities and Exposures Database
Summary
Chapter 16. Part II Summary
Part III. Defense
Chapter 17. Securing Modern Web Applications
Defensive Software Architecture
Comprehensive Code Reviews
Vulnerability Discovery
Vulnerability Analysis
Vulnerability Management
Regression Testing
Mitigation Strategies
Applied Recon and Offense Techniques
Chapter 18. Secure Application Architecture
Analyzing Feature Requirements
Authentication and Authorization
Secure Sockets Layer and Transport Layer Security
Secure Credentials
Hashing Credentials
2FA
PII and Financial Data
Searching
Summary
Chapter 19. Reviewing Code for Security
How to Start a Code Review
Archetypical Vulnerabilities Versus Custom Logic Bugs
Where to Start a Security Review
Secure-Coding Anti-Patterns
Blacklists
Boilerplate Code
Trust-By-Default Anti-Pattern
Client/Server Separation
Summary
Chapter 20. Vulnerability Discovery
Security Automation
Static Analysis
Dynamic Analysis
Vulnerability Regression Testing
Responsible Disclosure Programs
Bug Bounty Programs
Third-Party Penetration Testing
Summary
Chapter 21. Vulnerability Management
Reproducing Vulnerabilities
Ranking Vulnerability Severity
Common Vulnerability Scoring System
CVSS: Base Scoring
CVSS: Temporal Scoring
CVSS: Environmental Scoring
Advanced Vulnerability Scoring
Beyond Triage and Scoring
Summary
Chapter 22. Defending Against XSS Attacks
Anti-XSS Coding Best Practices
Sanitizing User Input
DOMParser Sink
SVG Sink
Blob Sink
Sanitizing Hyperlinks
HTML Entity Encoding
CSS
Content Security Policy for XSS Prevention
Script Source
Unsafe Eval and Unsafe Inline
Implementing a CSP
Summary
Chapter 23. Defending Against CSRF Attacks
Header Verification
CSRF Tokens
Stateless CSRF Tokens
Anti-CRSF Coding Best Practices
Stateless GET Requests
Application-Wide CSRF Mitigation
Summary
Chapter 24. Defending Against XXE
Evaluating Other Data Formats
Advanced XXE Risks
Summary
Chapter 25. Defending Against Injection
Mitigating SQL Injection
Detecting SQL Injection
Prepared Statements
Database-Specific Defenses
Generic Injection Defenses
Potential Injection Targets
Principle of Least Authority
Whitelisting Commands
Summary
Chapter 26. Defending Against DoS
Protecting Against Regex DoS
Protecting Against Logical DoS
Protecting Against DDoS
DDoS Mitigation
Summary
Chapter 27. Securing Third-Party Dependencies
Evaluating Dependency Trees
Modeling a Dependency Tree
Dependency Trees in the Real World
Automated Evaluation
Secure Integration Techniques
Separation of Concerns
Secure Package Management
Summary
Chapter 28. Part III Summary
The History of Software Security
Web Application Reconnaissance
Offense
Defense
Chapter 29. Conclusion
Index
About the Author
Colophon

Polecaj historie

Advanced Web Attacks and Exploitation (AWAE)

9,273 1,743 16MB Read more

Ajax for web application developers 0672329123, 9780672329128

Ajax has gained much attention on the web and provides unique and powerful ways of dealing with data in real-time. It is

1,239 252 2MB Read more

Bug Bounty Hunting For Web Security: Find And Exploit Vulnerabilities In Web Sites And Applications 1484253906, 9781484253908, 9781484253915

Start with the basics of bug hunting and learn more about implementing an offensive approach by finding vulnerabilities

6,095 1,164 9MB Read more

Advanced Web Application Architecture 9789082120165

5,871 1,278 6MB Read more

Ethical hacking and countermeasures. Book 3, Web applications and data servers [2nd ed] 9781305883451, 1001001001, 1305883454

The EC-Council-Press Ethical Hacking and Countermeasures series is comprised of four books covering a broad base of topi

1,737 472 13MB Read more

The Hackers Codex: Modern Web Application Attacks Demystified

1,799 489 16MB Read more

Web Security for Developers 1593279949, 9781593279943

Website security made easy. This book covers the most common ways websites get hacked and how web developers can defend

1,701 275 4MB Read more

Hacking Exposed Web Applications: Web Security Secrets & Solutions [Second Edition] 0072262990, 9780072262995

This edition has been updated to include new exploitation techniques, the latest denial of service attacks, new phishing

1,048 181 10MB Read more

Web Application Design Handbook: Best Practices for Web-Based Software [1 ed.] 9781558607521, 1558607528, 9781417537105

The standards for usability and interaction design for Web sites and software are well known. While not everyone uses th

2,623 404 51MB Read more

JavaScript Frameworks for Modern Web Dev 9781484206621

1,317 196 4MB Read more