Hacking the Code: Auditor's Guide to Writing Secure Code for the Web (Google eBook)

Syngress, May 10, 2004 - Computers - 550 pages
Hacker Code will have over 400 pages of dedicated exploit, vulnerability, and tool code with corresponding instruction. Unlike other security and programming books that dedicate hundreds of pages to architecture- and theory-based flaws and exploits, HC1 will dive right into deep code analysis. Previously undisclosed security research, combined with superior programming techniques from Foundstone and other respected organizations, will be included in both the Local and Remote Code sections of the book.

The book will be accompanied by a FREE COMPANION CD containing both commented and uncommented versions of the source code examples presented throughout the book. In addition to the book's source code, the CD will also contain a copy of the author-developed Hacker Code Library v1.0. The Hacker Code Library will include multiple attack classes and functions that can be used to quickly create security programs and scripts. These classes and functions will simplify exploit and vulnerability tool development to an extent never before possible with publicly available software.

* Learn to quickly create security tools that ease the burden of software testing and network administration
* Find out about key security issues regarding vulnerabilities, exploits, programming flaws, and secure code development
* Discover the differences in numerous types of web-based attacks so that developers can create proper quality assurance testing procedures and tools
* Learn to automate quality assurance, management, and development tasks and procedures for testing systems and applications
* Learn to write complex Snort rules based solely upon traffic generated by network tools and exploits

User review

Security in web applications


Contents

Limiting Credential Exposure (p. 14)
Security Policies (p. 15)
Security Policies (p. 17)
Managing Passwords (p. 18)
Security Policies (p. 21)
Security Policies (p. 24)
Security Policies (p. 26)
Resetting Lost or Forgotten Passwords (p. 27)
Security Policies (p. 32)
Sending Information Via E-Mail (p. 33)
Security Policies (p. 35)
Building the Code (p. 36)
Using Secret Questions (p. 37)
Building the Code (p. 40)
Security Policies (p. 41)
Security Policies (p. 43)
Security Policies (p. 44)
Coding Standards Fast Track (p. 45)
Changing Passwords (p. 46)
Empowering Users (p. 47)
Managing Passwords (p. 48)
Sending Information Via E-Mail (p. 49)
Frequently Asked Questions (p. 50)
Authenticating and Authorizing Users (p. 52)
Introduction (p. 53)
Authenticating Users (p. 54)
Security Policies (p. 56)
Using Forms Authentication (p. 57)
Configuring Forms Authentication (p. 63)
Security Policies (p. 64)
Basic Authentication (p. 65)
Digest Authentication (p. 66)
Integrated Windows Authentication (p. 67)
Client Certificate Mapping (p. 68)
Authenticating Users (p. 69)
Security Policies (p. 74)
Security Policies (p. 77)
Locking Accounts (p. 78)
Finding Other Countermeasures (p. 80)
Security Policies (p. 85)
Deciding How to Authorize (p. 86)
Roles and Resources (p. 89)
Security Policies (p. 90)
Security Policies (p. 91)
Applying URL Authorization (p. 92)
HTTP Verbs (p. 94)
Files and Paths (p. 96)
Configuration Hierarchy (p. 97)
Security Policies (p. 98)
Declarative Authorization (p. 99)
Explicit Authorization (p. 100)
Security Policies (p. 101)
Coding Standards Fast Track (p. 102)
Blocking Brute-Force Attacks (p. 103)
Applying URL Authorization (p. 104)
Using Windows Authentication (p. 105)
Employing File Authorization (p. 106)
Frequently Asked Questions (p. 107)
Managing Sessions (p. 108)
Introduction (p. 109)
Authentication Tokens (p. 110)
Maintaining State (p. 112)
Does the Application Use a Sufficiently Large Keyspace? (p. 113)
Is It Possible for a User to Manipulate the Token to Hop to Another Account? (p. 114)
Does the Client Store the Token After the Session Ends? (p. 115)
Selecting a Token Mechanism (p. 116)
Cookie-Based Tokens (p. 117)
Security Policies (p. 118)
Securing In-Process State (p. 119)
Securing SQL Server State Management (p. 121)
General Settings (p. 122)
Using ASP.NET Tokens (p. 123)
Cookie Domain (p. 124)
Cookie Path (p. 126)
Cookie Expiration (p. 127)
Secure Cookies (p. 129)
Cookie Values (p. 130)
Protecting View State (p. 131)
Security Policies (p. 134)
Creating Tokens (p. 135)
Binding to the Client (p. 138)
Security Policies (p. 140)
Terminating Sessions (p. 141)
Security Policies (p. 143)
Coding Standards Fast Track (p. 144)
Using ASP.NET Tokens (p. 145)
Terminating Sessions (p. 146)
Using State Providers (p. 147)
Enhancing ASP.NET State Management (p. 148)
Frequently Asked Questions (p. 149)
Introduction (p. 153)
Using Cryptography in ASP.NET (p. 154)
Employing Symmetric Cryptography (p. 155)
DES and 3DES (p. 158)
Rijndael (p. 162)
RC2 (p. 164)
Selecting an Algorithm (p. 165)
Establishing Keys and Initialization Vectors (p. 169)
Security Policies (p. 176)
Working with Hashing Algorithms (p. 178)
Verifying Integrity (p. 180)
Hashing Passwords (p. 182)
Security Policy (p. 185)
Creating Random Numbers (p. 186)
Security Policy (p. 187)
Security Policies (p. 189)
Storing Secrets in a File (p. 191)
Storing Secrets in the Registry (p. 193)
Storing Secrets Using DPAPI (p. 194)
Protecting Communications with SSL (p. 195)
Security Policies (p. 197)
Coding Standards Fast Track (p. 198)
Working with .NET Encryption Features (p. 199)
Code Audit Fast Track (p. 200)
Keeping Memory Clean (p. 201)
Frequently Asked Questions (p. 202)
Filtering User Input (p. 204)
Introduction (p. 205)
Handling Malicious Input (p. 206)
Other Sources of Input (p. 208)
Security Policy (p. 210)
Centralizing Code (p. 212)
Testing and Auditing (p. 213)
Security Policy (p. 217)
Bounds Checking (p. 218)
Validator Controls (p. 219)
Security Policy (p. 221)
Escaping Data (p. 224)
Security Policy (p. 225)
Reflecting the Data (p. 226)
Security Policy (p. 228)
Encoding Data (p. 229)
Security Policy (p. 233)
Security Policy (p. 234)
Security Policy (p. 236)
Security Policy (p. 238)
Security Policy (p. 239)
Security Policy (p. 240)
Security Policy (p. 242)
Unused Code (p. 243)
Limiting Access to Code (p. 245)
Security Policy (p. 246)
Server-Side Code (p. 247)
Request Length (p. 248)
Security Policy (p. 249)
Coding Standards Fast Track (p. 250)
Data Reflecting (p. 251)
Exception Handling (p. 252)
Hardening Server Applications (p. 253)
Pattern Matching (p. 254)
Double Decoding (p. 255)
Limiting Attack Scope (p. 256)
Frequently Asked Questions (p. 257)
Introduction (p. 261)
Securing Databases (p. 262)
Security Policy (p. 264)
Securing Specific Drivers (p. 266)
IIS with ODBC (p. 268)
Security Policy (p. 269)
Security Policy (p. 271)
Security Policy (p. 273)
Authentication (p. 274)
Protecting Connection Strings (p. 276)
Authorization (p. 277)
Security Policy (p. 278)
Preventing SQL Injection (p. 279)
Filtering or Escaping Dangerous Characters (p. 284)
Using SqlParameters (p. 286)
Constraining Data Types and Length (p. 288)
Handling Errors on the Server (p. 289)
Security Policy (p. 290)
Security Policy (p. 295)
Security Policy (p. 301)
Coding Standards Fast Track (p. 302)
Writing Secure Data Access Code (p. 303)
Code Audit Fast Track (p. 304)
Securing the Database (p. 305)
Reading and Writing to Data Files (p. 306)
Developing Secure ASP.NET Applications (p. 308)
Introduction (p. 309)
Constructing Safe HTML (p. 310)
Security Policy (p. 313)
Security Policy (p. 314)
Using Structured Error Handling (p. 316)
Structured Error Handling (p. 318)
Security Policy (p. 320)
Generic Errors (p. 321)
Logging Errors (p. 322)
Security Policy (p. 324)
Coding Standards Fast Track (p. 325)
Handling Exceptions (p. 326)
Preventing Information Leaks (p. 327)
Frequently Asked Questions (p. 328)
Introduction (p. 331)
Encrypting XML Data (p. 332)
XML Encryption Process (p. 338)
XML Encryption Example (p. 339)
Security Policies (p. 347)
XML Digital Signatures Specification (p. 348)
XML Digital Signature Example (p. 350)
Security Policies (p. 356)
Coding Standards Fast Track (p. 357)
Applying XML Digital Signatures (p. 358)
Understanding .NET Security (p. 360)
Introduction (p. 361)
Principal (p. 362)
Authentication (p. 363)
Type Safety (p. 364)
Stack Walking (p. 365)
Code Identity (p. 367)
Code Groups (p. 368)
Declarative and Imperative Security (p. 370)
Requesting Permissions (p. 372)
Demanding Permissions (p. 375)
Overriding Security Checks (p. 378)
Custom Permissions (p. 384)
Role-Based Security (p. 386)
WindowsPrincipal (p. 387)
GenericPrincipal (p. 388)
Manipulating Identity (p. 389)
Role-Based Security Checks (p. 391)
Security Policies (p. 395)
Creating a New Permission Set (p. 398)
Modifying the Code Group Structure (p. 404)
Remoting Security (p. 411)
Security Tools (p. 414)
Summary (p. 417)
Security Fast Track (p. 418)
Frequently Asked Questions (p. 422)
Index (p. 428)
Copyright


Popular passages

Page 38 - New York, Los Angeles, Chicago, Houston, Philadelphia, Phoenix, San Diego, Dallas, San Antonio, and Detroit...

About the author (2004)

Mark Burnett is a multiple Emmy Award winning producer of some of the biggest prime-time network television shows in history, including "Survivor", " The Apprentice", " Shark Tank", and "The Voice". He has produced over two thousand hours of American prime-time programming. Burnett also collaborated with his wife, Roma Downey, to produce "The Bible", a ten hour global television miniseries.
