Hacking the Code:

Auditor's Guide to Writing Secure Code for the Web (Google eBook)

Syngress, May 10, 2004 - Computers - 550 pages

Hacker Code will have over 400 pages of dedicated exploit, vulnerability, and tool code with corresponding instruction. Unlike other security and programming books that dedicate hundreds of pages to architecture and theory based flaws and exploits, HC1 will dive right into deep code analysis. Previously undisclosed security research in combination with superior programming techniques from Foundstone and other respected organizations will be included in both the Local and Remote Code sections of the book.

The book will be accompanied with a FREE COMPANION CD containing both commented and uncommented versions of the source code examples presented throughout the book. In addition to the book source code, the CD will also contain a copy of the author-developed Hacker Code Library v1.0. The Hacker Code Library will include multiple attack classes and functions that can be utilized to quickly create security programs and scripts. These classes and functions will simplify exploit and vulnerability tool development to an extent never before possible with publicly available software.

* Learn to quickly create security tools that ease the burden of software testing and network administration
* Find out about key security issues regarding vulnerabilities, exploits, programming flaws, and secure code development
* Discover the differences in numerous types of web-based attacks so that developers can create proper quality assurance testing procedures and tools
* Learn to automate quality assurance, management, and development tasks and procedures for testing systems and applications
* Learn to write complex Snort rules based solely upon traffic generated by network tools and exploits

Preview this book »

What people are saying - Write a review

User Review - Flag as inappropriate

Seguran�a em aplica�oes web

Related books

Perfect Password: Selection, Protection, Authentication

Mark Burnett
Limited preview - 2006

Stealing The Network: How to Own the Box

Syngress
Limited preview - 2003

Hacker's Challenge: Test Your Incident Response Skills Using 20 Scenarios

Mike Schiffman
Snippet view - 2001

All related books »

Selected pages

Page 1

Title Page

Index

Introduction	1

Establishing User Credentials	2

Enforcing Strong Passwords	3

Ensuring Strong Passwords	5

Security Policies	9

Security Policies	11

Preventing Credential Harvesting	12

The Spam King	13

Working with NET Encryption Features	199

Code Audit Fast Track	200

Keeping Memory Clean	201

Frequently Asked Questions	202

Filtering User Input	204

Introduction	205

Handling Malicious Input	206

Other Sources of Input	208

Limiting Credential Exposure	14

Security Policies	15

Security Policies	17

Managing Passwords	18

Security Policies	21

Security Policies	24

Security Policies	26

Resetting Lost or Forgotten Passwords	27

Security Policies	32

Sending Information Via EMail	33

Security Policies	35

Building the Code	36

Using Secret Questions	37

Building the Code	40

Security Policies	41

Security Policies	43

Security Policies	44

Coding Standards Fast Track	45

Changing Passwords	46

Empowering Users	47

Managing Passwords	48

Sending Information Via EMail	49

Frequently Asked Questions	50

Authenticating and Authorizing Users	52

Introduction	53

Authenticating Users	54

Security Policies	56

Using Forms Authentication	57

Conﬁguring Forms Authentication	63

Security Policies	64

Basic Authentication	65

Digest Authentication	66

Integrated Windows Authentication	67

Client Certiﬁcate Mapping	68

Authenticating Users	69

Security Policies	74

Security Policies	77

Locking Accounts	78

Finding Other Countermeasures	80

Security Policies	85

Deciding How to Authorize	86

Roles and Resources	89

Security Policies	90

Security Policies	91

Applying URL Authorization	92

HTTP Verbs	94

Files and Paths	96

Conﬁguration Hierarchy	97

Security Policies	98

Declarative Authorization	99

Explicit Authorization	100

Security Policies	101

Coding Standards Fast Track	102

Blocking BruteForce Attacks	103

Applying URL Authorization	104

Using Windows Authentication	105

Employing File Authorization	106

Frequently Asked Questions	107

Managing Sessions	108

Introduction	109

Authentication Tokens	110

Maintaining State	112

Does the Application Use a Sufﬁciently Large Keyspace?	113

Is It Possible for a User to Manipulate the Token to Hop to Another Account?	114

Does the Client Store the Token After the Session Ends?	115

Selecting a Token Mechanism	116

CookieBased Tokens	117

Security Policies	118

Securing InProcess State	119

Securing SQL Server State Management	121

General Settings	122

Using ASPNET Tokens	123

Cookie Domain	124

Cookie Path	126

Cookie Expiration	127

Secure Cookies	129

Cookie Values	130

Protecting View State	131

Security Policies	134

Creating Tokens	135

Binding to the Client	138

Security Policies	140

Terminating Sessions	141

Security Policies	143

Coding Standards Fast Track	144

Using ASPNET Tokens	145

Terminating Sessions	146

Using State Providers	147

Enhancing ASPNET State Management	148

Frequently Asked Questions	149

Introduction	153

Using Cryptography in ASPNET	154

Employing Symmetric Cryptography	155

DES and 3DES	158

Rijndael	162

RC2	164

Selecting an Algorithm	165

Establishing Keys and Initialization Vectors	169

Security Policies	176

Working with Hashing Algorithms	178

Verifying Integrity	180

Hashing Passwords	182

Security Policy	185

Creating Random Numbers	186

Security Policy	187

Security Policies	189

Storing Secrets in a File	191

Storing Secrets in the Registry	193

Storing Secrets Using DPAPI	194

Protecting Communications with SSL	195

Security Policies	197

Coding Standards Fast Track	198

Security Policy	210

Centralizing Code	212

Testing and Auditing	213

Security Policy	217

Bounds Checking	218

Validator Controls	219

Security Policy	221

Escaping Data	224

Security Policy	225

Reﬂecting the Data	226

Security Policy	228

Encoding Data	229

Security Policy	233

Security Policy	234

Security Policy	236

Security Policy	238

Security Policy	239

Security Policy	240

Security Policy	242

Unused Code	243

Limiting Access to Code	245

Security Policy	246

ServerSide Code	247

Request Length	248

Security Policy	249

Coding Standards Fast Track	250

Data Reﬂecting	251

Exception Handling	252

Hardening Server Applications	253

Pattern Matching	254

Double Decoding	255

Limiting Attack Scope	256

Frequently Asked Questions	257

Introduction	261

Securing Databases	262

Security Policy	264

Securing Speciﬁc Drivers	266

IIS with ODBC	268

Security Policy	269

Security Policy	271

Security Policy	273

Authentication	274

Protecting Connection Strings	276

Authorization	277

Security Policy	278

Preventing SQL Injection	279

Filtering or Escaping Dangerous Characters	284

Using SqlParameters	286

Constraining Data Types and Length	288

Handling Errors on the Server	289

Security Policy	290

Security Policy	295

Security Policy	301

Coding Standards Fast Track	302

Writing Secure Data Access Code	303

Code Audit Fast Track	304

Securing the Database	305

Reading and Writing to Data Files	306

Developing Secure ASPNET Applications	308

Introduction	309

Constructing Safe HTML	310

Security Policy	313

Security Policy	314

Using Structured Error Handling	316

Structured Error Handling	318

Security Policy	320

Generic Errors	321

Logging Errors	322

Security Policy	324

Coding Standards Fast Track	325

Handling Exceptions	326

Preventing Information Leaks	327

Frequently Asked Questions	328

Introduction	331

Encrypting XML Data	332

XML Encryption Process	338

XML Encryption Example	339

Security Policies	347

XML Digital Signatures Speciﬁcation	348

XML Digital Signature Example	350

Security Policies	356

Coding Standards Fast Track	357

Applying XML Digital Signatures	358

Understanding NET Security	360

Introduction	361

Principal	362

Authentication	363

Type Safety	364

Stack Walking	365

Code Identity	367

Code Groups	368

Declarative and Imperative Security	370

Requesting Permissions	372

Demanding Permissions	375

Overriding Security Checks	378

Custom Permissions	384

RoleBased Security	386

WindowsPrincipal	387

GenericPrincipal	388

Manipulating Identity	389

RoleBased Security Checks	391

Security Policies	395

Creating a New Permission Set	398

Modifying the Code Group Structure	404

Remoting Security	411

Security Tools	414

Summary	417

Security Fast Track	418

Frequently Asked Questions	422

Index	428

Copyright

Common terms and phrases

account hijacking allow users application ASP.NET assembly attack surface basic authentication block browser brute-force attacks buffer byte CAPTCHA characters ciphertext client code access Code Audit code group configuration connection strings Continued Figure cookie create cross-site scripting cryptography database decrypt decryptedString default domain DPAPI e-mail element encoding error handling error messages example expiration FileIOPermission filtering forms authentication Framework Frequently Asked Questions gain access hackers hashing algorithms identity Information leakage Internet IP address limit Malicious Input man-in-the-middle attacks match method permission set plainText prevent query random number registry request Rijndael role secret questions Security Policies session fixation session token shown in Figure specific SQL injection SQL Server SqlParameter stack walk Symmetric Cryptography syntax techniques Threats tion UIPermission user input user�s valid VB.NET vulnerable Web application web.config web.config file Windows Authentication WindowsPrincipal XML Digital Signature XML document XML encryption

References to this book

From Google Scholar

Security Frameworks For Virtual Organizations

Jarosław Magiera, Adam Pawlak

CAPTCHA as a Web Security Control

Cross Site Scripting-Latest developments and solutions: A survey

Jayamsakthi Shanmugam, M Ponnavaikko - 2008 - Int. J. Open Problems Compt. Math

Equipo Nacional JCCE

V Clase, I Clase, II Clase, IV Clase

All Scholar search results »

References from web pages

Hacking the Code: ASP.NET Web Application Security
securityfocus is designed to facilitate discussion on computer security related topics, create computer security awareness, and to provide the Internet's ...
www.securityfocus.com/ excerpts/ 13/ 4

Hacking the Code: ASP.NET Web Application Security - Ebooks Hacker ...
Hacking the Code: ASP.NET Web Application Security ISBN: 1932266658 Author: Mark Burnett Publisher: Syngress Edition: 1 edition (May, 2004) Paperback: 472 ...
nicescript.net/ ebooks-hacker-nulled-script/ hacking-the-code-aspnet-web-application-security.html

sciencedirect - Hacking the Code Home Page
sciencedirect - the world's leading platform offers over 2000 high quality peer-reviewed full-text journals and books on science, technology and medicine
www.science-direct.com/ science/ book/ 9781932266658

Electronic Resources
E-resource on trial. Ask a Librarian Seek information advisory service · HKUL > Electronic Resources. Hacking the code : ASP.NET web application security ...
sunzi1.lib.hku.hk/ ER/ detail/ hkul/ 3180984

Syngress Publishing announces the release of "Hacking the Code ...
"Hacking the Code: ASP.NET Web Application Security" will arrive in bookstores and at online retailers in May. Security expert Mark Burnett asks his readers ...
findarticles.com/ p/ articles/ mi_hb5243/ is_200405/ ai_n19841937

Hacking the Code - ASP.NET Web Application Security - 手册之家
Hacking the Code�ASP.NET Web Application Security. Mark Burnett James C. Foster Technical Editor. Syngress Publishing, Inc., the author(s), and any person ...
www.chmhome.com/ hacking_aspnet_web/ 5924final/ LiB0001.html

الكتاب المذهل في عالم هاك المواقع Hacking the Code: ASP.NET Web ...
Hacking the Code: ASP.NET Web Application Security ISBN: 1932266658 | Author: Mark Burnett | Publisher: Syngress | Edition: 1 edition (May, ...
www.alhandasa.net/ forum/ showthread.php?t=114246

Hacking the Code � p30cyber - The Best Warez Website
Hacking the Code: ASP.NET Web Application Security By Mark Burnett * Publisher: Syngress * Number Of Pages: 472 * Publication Date: 2004-05 * Sales Rank: ...
www.p30cyber.com/ soft/ 2007/ 05/ 26/ hacking_the_code.html

Securely manage user sessions and create strong user ...
Investigate threats to your Web application code in Hacking the Code: ASP.NET Web Application Security, then consider a menu of solutions, ...
downloads.techrepublic.com.com/ download.aspx?=& docid=307172& kw=syngress

Blocking Brute Force Attacks - OWASP
Contents. 1 Blocking Brute Force Attacks; 2 Locking Accounts; 3 Finding Other Countermeasures; 4 Sidebar: Using CAPTCHAS ...
www.owasp.org/ index.php/ Blocking_Brute_Force_Attacks

Bibliographic information

Title	Hacking the Code: Auditor's Guide to Writing Secure Code for the Web
Author	Mark Burnett
Edition	revised
Publisher	Syngress, 2004
ISBN	0080478174, 9780080478173
Length	550 pages
Subjects	Computers › Security › General Computers / Computer Science Computers / Security / General

Export Citation	BiBTeX EndNote RefMan

About Google Books - Privacy Policy - Terms of Service - Blog - Information for Publishers - Report an issue - Help - Sitemap - Google Home