Hacking Exposed Web 2.0 et plus d'un million d'autres livres sont disponibles pour le Kindle d'Amazon. En savoir plus
  • Tous les prix incluent la TVA.
Il ne reste plus que 1 exemplaire(s) en stock (d'autres exemplaires sont en cours d'acheminement).
Expédié et vendu par Amazon.
Emballage cadeau disponible.
Quantité :1
Hacking Exposed Web 2.0: ... a été ajouté à votre Panier
+ EUR 2,99 (livraison)
D'occasion: Bon | Détails
Vendu par AnybookLtd
État: D'occasion: Bon
Commentaire: C'est un livre usagé de bibliothèque. Expedié le jour meme depuis l'angleterre. En moyenne, 5-8 jours pour la livraison. This is an ex-library book and may have the usual library/used-book markings inside.This book has soft covers. In good all round condition.
Vous l'avez déjà ?
Repliez vers l'arrière Repliez vers l'avant
Ecoutez Lecture en cours... Interrompu   Vous écoutez un extrait de l'édition audio Audible
En savoir plus
Voir les 3 images

Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions (Anglais) Broché – 1 janvier 2008

Voir les 2 formats et éditions Masquer les autres formats et éditions
Prix Amazon Neuf à partir de Occasion à partir de
Format Kindle
"Veuillez réessayer"
"Veuillez réessayer"
EUR 48,03
EUR 18,08 EUR 2,52

Offres spéciales et liens associés

Descriptions du produit

Présentation de l'éditeur

Lock down next-generation Web services

"This book concisely identifies the types of attacks which are faced daily by Web 2.0 sites, and the authors give solid, practical advice on how to identify and mitigate these threats." --Max Kelly, CISSP, CIPP, CFCE, Senior Director of Security, Facebook

Protect your Web 2.0 architecture against the latest wave of cybercrime using expert tactics from Internet security professionals. Hacking Exposed Web 2.0 shows how hackers perform reconnaissance, choose their entry point, and attack Web 2.0-based services, and reveals detailed countermeasures and defense techniques. You'll learn how to avoid injection and buffer overflow attacks, fix browser and plug-in flaws, and secure AJAX, Flash, and XML-driven applications. Real-world case studies illustrate social networking site weaknesses, cross-site attack methods, migration vulnerabilities, and IE7 shortcomings.

  • Plug security holes in Web 2.0 implementations the proven Hacking Exposed way
  • Learn how hackers target and abuse vulnerable Web 2.0 applications, browsers, plug-ins, online databases, user inputs, and HTML forms
  • Prevent Web 2.0-based SQL, XPath, XQuery, LDAP, and command injection attacks
  • Circumvent XXE, directory traversal, and buffer overflow exploits
  • Learn XSS and Cross-Site Request Forgery methods attackers use to bypass browser security controls
  • Fix vulnerabilities in Outlook Express and Acrobat Reader add-ons
  • Use input validators and XML classes to reinforce ASP and .NET security
  • Eliminate unintentional exposures in ASP.NET AJAX (Atlas), Direct Web Remoting, Sajax, and GWT Web applications
  • Mitigate ActiveX security exposures using SiteLock, code signing, and secure controls
  • Find and fix Adobe Flash vulnerabilities and DNS rebinding attacks 

Biographie de l'auteur

Rich Cannings is a senior information security engineer at Google.

Himanshu Dwivedi is a founding partner of iSEC Partners, an information security organization, and the author of several security books.

Zane Lackey is a senior security consultant with iSEC Partners.

Détails sur le produit

En savoir plus sur l'auteur

Découvrez des livres, informez-vous sur les écrivains, lisez des blogs d'auteurs et bien plus encore.

Dans ce livre

(En savoir plus)
Parcourir les pages échantillon
Couverture | Copyright | Table des matières | Extrait | Index
Rechercher dans ce livre:

Commentaires en ligne

Il n'y a pas encore de commentaires clients sur Amazon.fr
5 étoiles
4 étoiles
3 étoiles
2 étoiles
1 étoiles

Commentaires client les plus utiles sur Amazon.com (beta)

Amazon.com: 6 commentaires
11 internautes sur 12 ont trouvé ce commentaire utile 
Shallow and weak 30 janvier 2008
Par Kornienko Mikhail - Publié sur Amazon.com
Format: Broché Achat vérifié
I'm still in the middle of the book, and I definitely will skim thru all the remaining pages (just because I paid for it), but I wouldn't recommend the book to anyone looking for serious and in-depth study on web security - the book just doesn't offer that. What it does is a list of possible attack vectors and sometimes offers "solutions" which can help to fight with the attacks. However, the attacks descriptions are shallow, solutions are very short and non-extensive and many of them go as far as telling a user to install NoScript extension for Firefox (huh? Web 2.0 doesn't work with no JavaScript).

There are also quadrillions of links to a security-related site (won't list it here) which offers a toolbar to checks your sites again the most common security problems. I don't have anything against links to useful tools of course, but THAT amount of links just makes this book look like an advertisement of the fore-mentioned site. Am not even talking about page space wasted to re-iterate "go to ...., install ...., click .... in order to test for ....." which usually take 0.5-1 pages. Users who read that sort of books can somehow figure out how to use a toolbar, I believe.

I'm not by any means a security expert, and this book did introduce me into the topic, but it didn't do anything beyond that. I still need to read some other book on the topic, and that book will probably contain the same info as the Hacking Web 2.0 Exposed (i.e. the very basic info on web expoits), so.. I actually just recommend to pass on this book at all, and look for something which covers the topic in greater depth.
5 internautes sur 5 ont trouvé ce commentaire utile 
Disappointing sibling of the Hacking Exposed Series 25 février 2008
Par James Rogers - Publié sur Amazon.com
Format: Broché
Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions (Hacking Exposed)

The Hacking Exposed Web 2.0 book has proven to be a fairly huge disappointment for me. After some quality technical books in this series, the publisher has released what amounts to a sales tool for the author's software.

The front cover states "Web 2.0 Security Secrets and Solutions" but the inside of the book hasn't really lived up to that hype. Normally, when it comes to books by McGraw Hill with the Hacking Exposed title, I can expect a decent amount of technical detail on the topic at hand. With this book, it was a bit different. Now, before you think I'm blasting this book entirely, I want to make perfectly clear that there is valid information in this book, but in my opinion, it's pretty basic stuff. If you're a beginner in the world of web hacking, then this book might be worthwhile. However, if you've done much web hacking at all, I think you'll be discouraged at the basic nature of the information included.

The sales pitch starts right in Chapter 1 as the iSec Partners push their Security QA toolbar for web assessments. If you visit their website, they have two separate sections that contain potential software you can download and use. The Products section will allow you to download the trial version of this toolbar, but you have to talk to a sales person to get pricing on the software. But a good deal of the content they discuss in the book is based on this tool.

Now, with that said, there are good points for the book as well. For example, McGraw-Hill sticks to the tried and true format formula that provides readers with an overall Risk Rating for each topic, which is based on the popularity, simplicity, and impact of each vulnerability. Some of the topics in the book do have a better amount of detail on the vulnerability than others. They do a decent job of covering the basic security models in play when a web browser is loaded, even including information on the Flash security models.

All in all, this book isn't awful, but it's certainly not going to give you a lot of information that you couldn't already get online. Because the book is so thin, the actual desk reference value of this book is a bit thin as well. You would do better to purchase a more comprehensive book that you can use as a desk reference later, as you work through your various projects.
4 internautes sur 5 ont trouvé ce commentaire utile 
Reliance on author's tool detracts from books potential 15 mars 2008
Par Chris Gates - Publié sur Amazon.com
Format: Broché
Thanks to McGraw-Hill for my review copy.

Based on my review criteria this book should have easily been a 4 or 5 star book, but I gave it 3 stars for its major flaw. Its major flaw is that it only talks about iSec partner's SecurityQA Toolbar as a tool for testing for the different types of web application vulnerabilities. Only discussing one closed source, for pay tool, that only runs on Windows is really disappointing from a security professional standpoint. I really expected a good snapshot in time on the DIFFERENT tools and techniques for doing web 2.0 auditing. There are tons of "for-pay" and more importantly FREE web application scanners and tools that look for the same vulnerabilities discussed in the book and the fact that they don't mention any other tools or methods is very disappointing.

Now that the above is out of the way...lets get on with the likes and dislikes.

-The analysis of the samy worm is excellent. They break the code apart and really analyze what's going on and why it worked at the time.
-The chapter on ActiveX security is excellent. It covers a lot of ground on why ActiveX controls are bad, how to fuzz them and how to defend against them.
-The whole first part of the book on Web 1.0 vulnerabilities is well written, I had just finished XSS attacks and having that background helped a lot with the relevant chapters in HE Web 2.0.

-The book is short, about 246 pages, that's probably too short for the price for a security book.
-A good chunk of the chapters cover over and over installing and using their SecurityQA Toolbar, I only need it once, if that.
-I think the book stops a bit short of actually exploiting Web 2.0 vulnerabilities. It talks a lot about identifying which 2.0 framework an application was built with and identifying different methods in that application, if debug functionality is enabled, and finding hidden URLs but how I exploit SQL injection issues or XPATH injection or LDAP injection issues IN web 2.0 applications is missing. That was the core problem with web 1.0, its still a valid and dangerous entry point for web 2.0 and should have been covered. Hacking Exposed is generally about exploiting vulnerabilities and not stopping at identifying them which is where the book seems to have stopped.

Overall the authors are obviously very knowledgeable about the subject. One of the other reviewers mentioned that it goes from technically very easy to very difficult even within chapters and I think this is true. The code sample for the examples they give are great and their explanations of web 1.0 and the web 2.0 threats is very well written with good examples. Like I said, had it not been for their fixation with their own tool as the only option we have for web 1.0 and 2.0 testing this would have easily been a 4 star book. For those a bit more interested in web 2.0 I would recommend checking out Shreeraj Shah's Web 2.0 Security and Hacking Web Services books and his website which has free web 2.0 auditing tools.
1 internautes sur 1 ont trouvé ce commentaire utile 
Good Info, some weak points 18 février 2008
Par Tom is a nerd - Publié sur Amazon.com
Format: Broché Achat vérifié
Hacking Exposed Web 2.0 is comparable to many of their series, Great information on getting started securing your box, but not without its drawbacks.

I dislike - the thin book, only about 220 useful pages (used to much fatter books). It also often jumps from quite difficult to quite easy often. The difficulty to setting up a test environment, this book would be quite easy for someone who developed all of these environments (from simple HTML and JavaScript to XML and SQL and more) to complete, but it is quite difficult to have these environments readily available to you for testing purposes.

The information is this book is extremely valuable, For a security enthusiast the information gives the reader a great starting point to build on. It has small, short projects (like the rest of the series) that can be completed in reasonable amount of time. It should be noted that this book (once again, like the rest of the series) does require a bit of a commitment, setting up the environment takes time, understanding the text, and doing the proper research will be what makes or breaks the experience for you and what you will gain from it. I would recommend it to anyone with a good understanding of web languages or a strong desire to learn about their security (or lack thereof).
1 internautes sur 1 ont trouvé ce commentaire utile 
Not enough content for the price 25 octobre 2009
Par Richard Bejtlich - Publié sur Amazon.com
Format: Broché
I have to agree with the other 3-star reviews of Hacking Exposed: Web 2.0 (HEW2). This book just does not stand up to the competition, such as The Web Application Hacker's Handbook (TWAHH) or Web Security Testing Cook (WSTC). I knew this book was in trouble when I was already reading snippets mentioning JavaScript arrays in the introduction. That set the tone for the book: compressed, probably rushed, mixing material of differing levels of difficulty. For example, p 8 mentions using prepared statements as a defense against SQL injection. However, only a paragraph on the topic appears, with no code samples (unlike TWAHH).

Despite having 4 fewer contributors than TWAHH (which had 10), HEW2 showed the signs of overlap common in books by large teams of authors. I also severely disliked the authors' use of their company's SecurityQA Toolbar. Better to advertise the book as a guide to using SecurityQA Toolbar for Web assessment than as a regular Hacking Exposed title.

You can safely skip HEW2. It's likely the next good Hacking Exposed titled on Web security will be Hacking Exposed: Web Applications 3.0.
Ces commentaires ont-ils été utiles ? Dites-le-nous


Souhaitez-vous compléter ou améliorer les informations sur ce produit ? Ou faire modifier les images?