• Tous les prix incluent la TVA.
Il ne reste plus que 3 exemplaire(s) en stock (d'autres exemplaires sont en cours d'acheminement).
Expédié et vendu par Amazon.
Emballage cadeau disponible.
Quantité :1
Web Hacking: Attacks and ... a été ajouté à votre Panier
+ EUR 2,99 (livraison)
D'occasion: Bon | Détails
Vendu par Deal FR
État: D'occasion: Bon
Commentaire: Ce livre a été lu mais il est toujours en bon état. 100% garanti.
Vous l'avez déjà ?
Repliez vers l'arrière Repliez vers l'avant
Ecoutez Lecture en cours... Interrompu   Vous écoutez un extrait de l'édition audio Audible
En savoir plus
Voir cette image

Web Hacking: Attacks and Defense (Anglais) Broché – 8 août 2002


Voir les formats et éditions Masquer les autres formats et éditions
Prix Amazon Neuf à partir de Occasion à partir de
Broché
"Veuillez réessayer"
EUR 47,16
EUR 30,18 EUR 4,21

Descriptions du produit

Présentation de l'éditeur

In the evolution of hacking, firewalls are a mere speed bump. Hacking continues to develop, becoming ever more sophisticated, adapting and growing in ingenuity as well as in the damage that results. Web attacks running over web ports strike with enormous impact. Stuart McClure's new book focuses on Web hacking, an area where organizations are particularly vulnerable. The material covers the web commerce "playground', describing web languages and protocols, web and database servers, and payment systems. The authors bring unparalleled insight to both well- known and lesser known web vulnerabilities. They show the dangerous range of the many different attacks web hackers harbor in their bag of tricks -- including buffer overflows, the most wicked of attacks, plus other advanced attacks. The book features complete methodologies, including techniques and attacks, countermeasures, tools, plus case studies and web attack scenarios showing how different attacks work and why they work.

Quatrième de couverture

"Both novice and seasoned readers will come away with an increased understanding of how Web hacking occurs and enhanced skill at developing defenses against such Web attacks. Technologies covered include Web languages and protocols, Web and database servers, payment systems and shopping carts, and critical vulnerabilities associated with URLs. This book is a virtual battle plan that will help you identify and eliminate threats that could take your Web site off line..."
--From the Foreword by William C. Boni, Chief Information Security Officer, Motorola"Just because you have a firewall and IDS sensor does not mean you aresecure; this book shows you why."
--Lance Spitzner, Founder, The Honeynet ProjectWhether it's petty defacing or full-scale cyber robbery, hackers are moving to the Web along with everyone else. Organizations using Web-based business applications are increasingly at risk. Web Hacking: Attacks and Defense is a powerful guide to the latest information on Web attacks and defense. Security experts Stuart McClure (lead author of Hacking Exposed), Saumil Shah, and Shreeraj Shah present a broad range of Web attacks and defense.

Features include:

  • Overview of the Web and what hackers go after
  • Complete Web application security methodologies
  • Detailed analysis of hack techniques
  • Countermeasures
  • What to do at development time to eliminate vulnerabilities
  • New case studies and eye-opening attack scenarios
  • Advanced Web hacking concepts, methodologies, and tools

"How Do They Do It?" sections show how and why different attacks succeed, including:

  • Cyber graffiti and Web site defacements
  • e-Shoplifting
  • Database access and Web applications
  • Java™ application servers; how to harden your Java™ Web Server
  • Impersonation and session hijacking
  • Buffer overflows, the most wicked of attacks
  • Automated attack tools and worms

Appendices include a listing of Web and database ports, cheat sheets for remote command execution, and source code disclosure techniques.

Web Hacking informs from the trenches. Experts show you how to connect the dots--how to put the stages of a Web hack together so you can best defend against them. Written for maximum brain absorption with unparalleled technical content and battle-tested analysis, Web Hacking will help you combat potentially costly security threats and attacks.



0201761769B07192002



Détails sur le produit


En savoir plus sur l'auteur

Découvrez des livres, informez-vous sur les écrivains, lisez des blogs d'auteurs et bien plus encore.

Commentaires en ligne

Il n'y a pas encore de commentaires clients sur Amazon.fr
5 étoiles
4 étoiles
3 étoiles
2 étoiles
1 étoiles

Commentaires client les plus utiles sur Amazon.com (beta)

Amazon.com: 13 commentaires
31 internautes sur 32 ont trouvé ce commentaire utile 
Eclectic 28 septembre 2002
Par Marco De Vivo - Publié sur Amazon.com
Format: Broché Achat vérifié
So you heard all this hype on Web Hacking, and want to know more about this matter.
Well, if you think about the web as an e-commerce platform, then just Buy 'Web Security, Privacy & Commerce' by Garfinkel and Spafford, an excellent and classic book.
Are you interested in 'pure hacking'? I mean 'perl scripts', cross site and traversal attacks, hackers jargon, and all the related issues..... then buy 'Hacking Web Applications Exposed' by Scambray and Shema. Excellent book too, and excellent authors. But beware, it is not for newbies. You MUST have a lot of background to fully understand the attacks.
Now, what about an easier generic book, covering the same issues as the others but in a step by step and kinder way.? A book to start from zero, but leading to understand all the currently related themes. Well, if this is what you want, then 'Web Hacking' is your book. It covers all that need to be covered in this area. In an easy and well structured way. The reading is very light and the authors 'break down' of the matter, makes the contents very intuitive.
The book is structured into four main sections (covering the same areas as the previously referred books) :
** The E-commerce Playground
** URLs Unraveled
** How Do They Do It?
** Advanced Web Kung Fu
It includes also, several interesting appendixes (specially useful the 'cheat sheet' appendix).
A lot of simple case studies (of the kind 'Bob and Alice') are presented as well as some more technical analyses (Code Red, Nimda etc.)
If I were to select a book as a reference for a first course on web security, 'Web Hacking' would be my choise. Definitively.
17 internautes sur 18 ont trouvé ce commentaire utile 
Excellent, a _must_ read 21 août 2002
Par Amazon Customer - Publié sur Amazon.com
Format: Broché
This book has a wealth of information on the subject of Web Hacking. As an administrator responsible for the well-being of various web servers, it is important for me to keep up with the vulnerabilities and know the tactics of crackers, and this book filled me in with more than enough knowledge.
The book starts out with good introduction on the topic of web languages, and leads you to various topics such as finding and exploiting buffer overflows. There is a _lot_ of ground covered in this book including databases, cracking tools, SQL code injection, countermeasures, etc.
If you are responsible for any host sitting on the internet, this is your bible.
12 internautes sur 12 ont trouvé ce commentaire utile 
Grab a cup of �joe� curl up in a comfy place and get ready f 28 août 2002
Par Robin Carver - Publié sur Amazon.com
Format: Broché
Web Hacking, Attacks and Defense by Stuart McClure, Saumil Shah and Shreeraj Shah is an excellent introductory level book to the world of web hacking. If you are a seasoned professional you will also enjoy having this book in your collection, as it is an excellent resource book.
Ever wonder how anyone can enter a web site and see more than what's presented? With a clear understanding of the protocols, web languages, an understanding of the processes behind e commerce and a bit of historical knowledge you too can hack a web site, and wind up on the FBI's most wanted list. But by the same token, a little bit of knowledge is a powerful thing, with the information presented here you can easily get started on the road to keeping the hackers out, and damage to a minimum if they do get in.
The chapters are clearly laid out, and include code with explanations of the weaknesses, referrals to more in depth study, precautionary measures you can take to help secure your site and a look at the various tools available to harden your site.
IIS and Apache are reviewed, along with Oracle and SQL Server to show some of the more popular Web Servers and Databases, how they work, are exploited and ways to harden them against attack. The protocols used by the web, web programming languages, and an explanation of how a browser interprets commands are graphically laid out with examples presented. It would be hard to come away from this book with out an understanding of the concepts, as they are so clearly defined.
Everything from setting a common understanding of terms to basic E Commerce concepts to unraveling Code Red and a truly unique presentation of IDS (Intrusion Detection Systems) is presented and well worth the time it takes to read.
Enjoy!
12 internautes sur 13 ont trouvé ce commentaire utile 
Hacking - Readers Are Shown How It's Done! 20 septembre 2002
Par Jim Moran - Publié sur Amazon.com
Format: Broché
During the last several years we have seen a sharp rise in the number of methods employed to hack into computer systems worldwide. The frequency of such attacks is alarming and the consequences are staggering. Clever minds, basic computer and programming skills, and knowledge of system exploits coupled with the intent to cause harm of one kind or another is a hard combination to beat.
Stuart McClure, Saumil Shah, and Shreeraj Shah have written Web Hacking: Attacks and Defense to provide solid insight into the very strategies involved to successfully hack into vulnerable computer systems. This book features extensive coverage of popular and lesser known exploits that allows successful hacking to take place. Readers will read up on them, they can actually challenge them - hopefully against their own systems, and they can prepare their own strategies to counter possible future hacking attempts against their own systems.
I was truly amazed as I read one system exploit after another - it seemed so easy for people to go hacking these days. Case studies were intriguing - Website defacement, intercepting and deleting e-mail messages, determining passwords, stealing identities, shopping cart shoplifting, credit card fraud, and more. I easily concluded that just about anyone with basic programming skills could have a serious go at hacking into a computer system if armed with the information provided in this book.
The authors walk readers through actual hacking processes using programming code lines, screen shots, graphical diagram analysis, and they discuss in plain English how hacking attempts and other forms of mischief takes place. In short - readers are put in the hacker's seat and shown how to do it. Readers are also introduced to a number of popular hacking tools used to apply the hacking craft - username and password crackers, Web proxies, cookie programs, and other tools used to insert and extract useful information.
The intention of the book is clear - to create serious awareness of hacking threats and to offer readers - individuals, IT department professionals, Web developers, business leaders, and other concerned parties, the information they need to adequately safeguard their systems and client data. They will learn how various servers, server software, and program languages work and how best to deploy them for optimum security. Although no computer system may be 100% hack-proof, taking serious precautions and putting into use the countermeasures and advice provided in this book will reduce the likelihood of major intrusion attempts.
Although the contents of this book appears overwhelming at times, readers should take heart in knowing that they are learning about the serious nature of hacking and criminal activity associated with it. Some hackers are people with easily obtained computer tools who are out to prove their skills while others want to steal or exact revenge. Regardless of their skill levels and intentions, they pose serious threats to a lot of people. The content of this book is essential reading. There's much to be gained by reading and applying it to current Web communication and commerce strategies. It's highly recommended.
8 internautes sur 8 ont trouvé ce commentaire utile 
Entertaining and educational 4 septembre 2002
Par Dr Anton Chuvakin - Publié sur Amazon.com
Format: Broché
Web services infrastructure for electronic commerce. So hard to built,
even harder to secure. With this great book, it is sooo easy to
subvert, destroy, corrupt and otherwise blast it to really small
pieces. Rival the glory of Mr Lamo with just the book and the web
browser!
Humor aside, the new book is a valuable resource for security
professionals. As other awesome books written by the Foundstone folks,
it provides the wealth of often exclusive information on the new and
dangerous security domain - web application and services hacking.
Amazingly, I believe the book will also help web developers to
understand the implication of their actions and design decisions. It
is indeed hard to write a book that appeals to both "in-the-know"
crowd and more general populace, but Stuart McClure team managed to
succeed at that.
An important advantage of this book is the detailed review of modern
web technologies. From HTML and XML feature summary to web application
architectures the book covers many web commerce and web services
components on front end, back end and middle tier. Moreover, security
implication are emphasized for every outlined feature and technology.
Starting from Java and HTML primers, the book unfolds its exciting
story all the way to SQL injection and IDS evasion via Unicode and
SSL. The detailed coverage of web reconnaissance techniques such as
URL and page headers fingerprinting and site linkage analysis is
provided. Another cool information gathering techniques is eliciting
error messages from back end web application for their identification
and penetration. Truncated URLs, invalid resource requests and
parameter tampering are have a chance to produce an elusive and
informational message from the applications and databases.
Case studies, while reminiscent of bad comic books (such as the one
about an bad Russian hacker, Boris), do serve to illustrate the web
hacking concepts and are quite informational.
Web defacers and ID thieves will also pick up a lesson or two from the
authors. Several techniques for subverting web application into
uploading your own content and stealing access credentials (such as
cookies) are covered in the book, often with the excruciating level of
detail.
Every self-respecting web hacker should be able to keep up with their
adversaries by reading their email. Several tricks for hacking web
mail systems are also shared by the authors.
Overall, my impression is that the book is not as brilliantly written
as previous Foundstone titles. However, this is understandable since
it is very hard to beat such masterpieces as "Incident Response" and
"Hacking Exposed". It is a definite "must get!" While providing many
defense methods and "best practice" designs, the book is stronger on
the attack side.
Anton Chuvakin, Ph.D., GCIA is a Senior
Security Analyst with a major information security company. His areas
of infosec expertise include intrusion detection, UNIX security,
honeypots, etc. In his spare time he maintains his security portal
Ces commentaires ont-ils été utiles ? Dites-le-nous

Rechercher des articles similaires par rubrique


Commentaires

Souhaitez-vous compléter ou améliorer les informations sur ce produit ? Ou faire modifier les images?