Innocent Code (PDF)
A Security Wake-Up Call for Web Programmers
(Sprache: Englisch)
* This concise and practical book shows where code
vulnerabilities lie-without delving into the specifics of each
system architecture, programming or scripting language, or
application-and how best to fix them
* Based on real-world situations taken...
vulnerabilities lie-without delving into the specifics of each
system architecture, programming or scripting language, or
application-and how best to fix them
* Based on real-world situations taken...
sofort als Download lieferbar
eBook (pdf)
23.99 €
- Lastschrift, Kreditkarte, Paypal, Rechnung
- Kostenloser tolino webreader
Produktdetails
Produktinformationen zu „Innocent Code (PDF)“
* This concise and practical book shows where code
vulnerabilities lie-without delving into the specifics of each
system architecture, programming or scripting language, or
application-and how best to fix them
* Based on real-world situations taken from the author's
experiences of tracking coding mistakes at major financial
institutions
* Covers SQL injection attacks, cross-site scripting, data
manipulation in order to bypass authorization, and other attacks
that work because of missing pieces of code
* Shows developers how to change their mindset from Web site
construction to Web site destruction in order to find dangerous
code
vulnerabilities lie-without delving into the specifics of each
system architecture, programming or scripting language, or
application-and how best to fix them
* Based on real-world situations taken from the author's
experiences of tracking coding mistakes at major financial
institutions
* Covers SQL injection attacks, cross-site scripting, data
manipulation in order to bypass authorization, and other attacks
that work because of missing pieces of code
* Shows developers how to change their mindset from Web site
construction to Web site destruction in order to find dangerous
code
Inhaltsverzeichnis zu „Innocent Code (PDF)“
Foreword. Acknowledgments. Introduction. I.1 The Rules. I.2 The Examples. I.3 The Chapters. I.4 What is Not in this Book? I.5 A Note From the Author. I.6 Feedback. 1. The Basics. 1.1 HTTP. 1.2 Sessions. 1.3 HTTPS. 1.4 Summary. 1.5 Do You Want to Know More? 2. Passing Data to Subsystems. 2.1 SQL Injection. 2.2 Shell Command Injection. 2.3 Talking to Programs Written in C/C++. 2.4 The Evil Eval. 2.5 Solving Metacharacter Problems. 2.6 Summary. 3. User Input. 3.1 What is Input Anyway? 3.2 Validating Input. 3.3 Handling Invalid Input. 3.4 The Dangers of Client-side Validation. 3.5 Authorization Problems. 3.6 Protecting Server-generated Input. 3.7 Summary. 4. Output Handling: The Cross-site Scripting Problem. 4.1 Examples. 4.2 The Problem. 4.3 The Solution. 4.4 Browser Character Sets. 4.5 Summary.; 4.6 Do You Want to Know More? 5. Web Trojans. 5.1 Examples. 5.2 The Problem. 5.3 A Solution. 5.4 Summary. 6. Passwords and Other Secrets. 6.1 Crypto-stuff. 6.2 Password-based Authentication. 6.3 Secret Identifiers. 6.4 Secret Leakage. 6.5 Availability of Server-side Code. 6.6 Summary. 6.7 Do You Want to Know More? 7. Enemies of Secure Code. 7.1 Ignorance. 7.2 Mess. 7.3 Deadlines. 7.4 Salesmen. 7.5 Closing Remarks. 7.6 Do You Want to Know More? 8. Summary of Rules for Secure Coding. Appendix A: Bugs in the Web Server. Appendix B: Packet Sniffing. Appendix C: Sending HTML Formatted E-mails with Forged Sender Address. Appendix D: More Information. Acronyms. References. Index.
Autoren-Porträt von Sverre H. Huseby
Sverre Huseby runs his own company selling courses and consultancy services in Web application security. He's an active participant on webappsec mail forum.
Bibliographische Angaben
- Autor: Sverre H. Huseby
- 2004, 1. Auflage, 246 Seiten, Englisch
- Verlag: John Wiley & Sons
- ISBN-10: 0470857471
- ISBN-13: 9780470857472
- Erscheinungsdatum: 05.10.2004
Abhängig von Bildschirmgröße und eingestellter Schriftgröße kann die Seitenzahl auf Ihrem Lesegerät variieren.
eBook Informationen
- Dateiformat: PDF
- Größe: 1.72 MB
- Mit Kopierschutz
Sprache:
Englisch
Kopierschutz
Dieses eBook können Sie uneingeschränkt auf allen Geräten der tolino Familie lesen. Zum Lesen auf sonstigen eReadern und am PC benötigen Sie eine Adobe ID.
Kommentar zu "Innocent Code"
0 Gebrauchte Artikel zu „Innocent Code“
Zustand | Preis | Porto | Zahlung | Verkäufer | Rating |
---|
Schreiben Sie einen Kommentar zu "Innocent Code".
Kommentar verfassen