Hacking Exposed ™ Web 2.0 Reviews
Security Secret and Solution
Author: Rich Cannings, Himanshu Dwivedi, Zane Lackey
Publisher: McGraw-Hill
ISBN: 0-07-149461-8
2008
BOOK OVERVIEW
The focus of this book is Web 2.0 application security. As mentioned, many Web 1.0 attacks are carried over to the Web 2.0 world. This book will show exactly how this is done: specifically, how old attacks, such as XSS, will appear in Web 2.0 applications and technologies. In addition to applying old attacks to this new technology, which is a theme in the security world, this book discusses how older technologies are being used more heavily on the web. Technologies such as ActiveX and Flash have been around for a while, but they are being used more and more in Web 2.0 applications. Lastly, newer attack classes, such as cross-domain attacks, will be discussed. These attacks significantly increase the attack surface, as end users can be attacked on one domain by visiting another.
Part I
Part I begins with common injection attacks. This chapter discusses injection attacks that have been around for a while, such as SQL injection, as well as new injection issues prevalent in Web 2.0, such as XPath and XXE (XML eXternal Entity) attacks.
Part II
The next part of the book, “Next Generation Web Application Attacks,” covers the new attack classes that appear with Web 2.0 applications.
Part III
The third part of this book is dedicated to AJAX. Since Web 2.0 web applications often
involve AJAX
Part IV
The last part of the book is on thick clients. The first chapter in this part covers ActiveX security.