"This book concisely identifies the types of attacks which are faced
daily by Web 2.0 sites, and the authors give solid, practical advice on
how to identify and mitigate these threats." --Max Kelly, CISSP, CIPP,
CFCE, Senior Director of Security, Facebook Protect your Web 2.0
architecture against the latest wave of cybercrime using expert tactics
from Internet security professionals. Hacking Exposed Web 2.0 shows how
hackers perform reconnaissance, choose their entry point, and attack Web
2.0-based services, and reveals detailed countermeasures and defense
techniques. You'll learn how to avoid injection and buffer overflow
attacks, fix browser and plug-in flaws, and secure AJAX, Flash, and
XML-driven applications. Real-world case studies illustrate social
networking site weaknesses, cross-site attack methods, migration
vulnerabilities, and IE7 shortcomings.
- Plug security holes in Web 2.0 implementations the proven Hacking
Exposed way
- Learn how hackers target and abuse vulnerable Web 2.0 applications,
browsers, plug-ins, online databases, user inputs, and HTML forms
- Prevent Web 2.0-based SQL, XPath, XQuery, LDAP, and command
injection attacks
- Circumvent XXE, directory traversal, and buffer overflow exploits
- Learn XSS and Cross-Site Request Forgery methods attackers use to
bypass browser security controls
- Fix vulnerabilities in Outlook Express and Acrobat Reader add-ons
- Use input validators and XML classes to reinforce ASP and .NET
security
- Eliminate unintentional exposures in ASP.NET AJAX (Atlas), Direct
Web Remoting, Sajax, and GWT Web applications
- Mitigate ActiveX security exposures using SiteLock, code signing,
and secure controls
- Find and fix Adobe Flash vulnerabilities and DNS rebinding attacks
URL:
Code:
http://www.amazon.com/exec/obidos/tg/detail/-/0071494618/
Code:
http://rapidshare.com/files/95219435/McGraw.Hill.Hacking.Exposed.Web.2.0.Dec.2007.pdf
