Web Hacking

(NOTE: Each chapter begins with an Introduction and concludes with a Summary.) Foreword. Introduction. "We're Secure, We Have a Firewall". To Err Is Human. Writing on the Wall. Book Organization. Parts. Chapters. A Final Word. Acknowledgments. Contributor. I. THE E-COMMERCE PLAYGROUND. Case Study: Acme Art, Inc. Hacked! 1. Web Languages: The Babylon of the 21st Century. Languages of the Web. HTML. Dynamic HTML (DHTML). XML. XHTML. Perl. PHP. ColdFusion. Active Server Pages. CGI. Java. 2. Web and Database Servers. Web Servers. Apache. Microsoft's Internet Information Server (IIS). Database Servers. Microsoft SQL Server. Oracle. 3. Shopping Carts and Payment Gateways. Evolution of the Storefront. Electronic Shopping. Shopping Cart Systems. Scope and Lifetime of an Electronic Shopping Cart. Collecting, Analyzing, and Comparing Selected Components. Keeping Track of the Total Cost. Change of Mind. Processing the Purchase. Implementation of a Shopping Cart Application. Product Catalog. Session Management. Database Interfacing. Integration with the Payment Gateway. Examples of Poorly Implemented Shopping Carts. Carello Shopping Cart. DCShop Shopping Cart. Hassan Consulting's Shopping Cart. Cart32 and Several Other Shopping Carts. Processing Payments. Finalizing the Order. Method of Payment. Verification and Fraud Protection. Order Fulfillment and Receipt Generation. Overview of the Payment Processing System. Innovative Ways to Combat Credit Card Fraud. Order Confirmation Page. Payment Gateway Interface. Transaction Database Interface. Interfacing with a Payment Gateway - An Example. Payment System Implementation Issues. Integration. Temporary Information. SSL. Storing User Profiles. Vulnerabilities Caused by Poor Integration of Shopping Cart and Payment Gateway. PayPal - Enabling Individuals to Accept Electronic Payments. 4. HTTP and HTTPS: The Hacking Protocols. Protocols of the Web. HTTP. HTTPS (HTTP over SSL). 5. URL: The Web Hacker's Sword. URL Structure. Web Hacker