Title: Web Application Security: Exploitation and Countermeasures for Modern Web Applications
Edition: 2nd ed.
Author: Andrew Hoffman
ISBN: 1098143930, 9781098143930
Publisher: O'Reilly Media
Year: 2024
Pages: 441 [444]
Language: English
File format: PDF
File size: 14 MB
In the first edition of this critically acclaimed book, Andrew Hoffman defined the three pillars of application security: reconnaissance, offense, and defense. In this revised and updated second edition, he examines dozens of related topics, from the latest types of attacks and mitigations to threat modeling, the secure software development lifecycle (SSDL/SDLC), and more. Hoffman, senior staff security engineer at Ripple, also provides information regarding exploits and mitigations for several additional web application technologies such as GraphQL, cloud-based deployments, content delivery networks (CDN) and server-side rendering (SSR).

Following the curriculum from the first book, this second edition is split into three distinct pillars comprising three separate skill sets:

Pillar 1: Recon. Learn techniques for mapping and documenting web applications remotely, including procedures for working with web applications.
Pillar 2: Offense. Explore methods for attacking web applications using a number of highly effective exploits that have been proven by the best hackers in the world. These skills are valuable when used alongside the skills from Pillar 3.
Pillar 3: Defense. Build on skills acquired in the first two parts to construct effective and long-lived mitigations for each of the attacks described in Pillar 2.
Table of Contents

Copyright
Preface
  Changes from the First Edition
  Prerequisite Knowledge and Learning Goals
    Why Are Examples in JavaScript?
    Why Teach Concepts Instead of Tools?
  Suggested Background
    Minimum Required Skills
  Who Benefits Most from Reading This Book?
    Software Engineers and Web Application Developers
    General Learning Goals
    Security Engineers, Pen Testers, and Bug Bounty Hunters
  How Is This Book Organized?
    Recon
    Offense
    Defense
  Language and Terminology
  Summary
  Conventions Used in This Book
  O’Reilly Online Learning
  How to Contact Us
  Acknowledgments

Chapter 1. The History of Software Security
  The Origins of Hacking
  The Enigma Machine, Circa 1930
  Automated Enigma Code Cracking, Circa 1940
  Telephone “Phreaking,” Circa 1950
  Anti-Phreaking Technology, Circa 1960
  The Origins of Computer Hacking, Circa 1980
  The Rise of the World Wide Web, Circa 2000
  Hackers in the Modern Era, Circa 2015+
  Summary

Part I. Recon

Chapter 2. Introduction to Web Application Reconnaissance
  Information Gathering
  Web Application Mapping
  Summary

Chapter 3. The Structure of a Modern Web Application
  Modern Versus Legacy Web Applications
  REST APIs
  JavaScript Object Notation
  JavaScript
    Variables and Scope
    Functions
    Context
    Prototypal Inheritance
    Asynchrony
    Browser DOM
  SPA Frameworks
  Authentication and Authorization Systems
    Authentication
    Authorization
  Web Servers
  Server-Side Databases
  Client-Side Data Stores
  GraphQL
  Version Control Systems
  CDN/Cache
  Summary

Chapter 4. Finding Subdomains
  Multiple Applications per Domain
  The Browser’s Built-In Network Analysis Tools
  Taking Advantage of Public Records
    Search Engine Caches
    Accidental Archives
    Social Snapshots
  Zone Transfer Attacks
  Brute Forcing Subdomains
  Dictionary Attacks
  Summary

Chapter 5. API Analysis
  Endpoint Discovery
  Authentication Mechanisms
  Endpoint Shapes
    Common Shapes
    Application-Specific Shapes
  Summary

Chapter 6. Identifying Third-Party Dependencies
  Detecting Client-Side Frameworks
    Detecting SPA Frameworks
    Detecting JavaScript Libraries
    Detecting CSS Libraries
  Detecting Server-Side Frameworks
    Header Detection
    Default Error Messages and 404 Pages
    Database Detection
  Summary

Chapter 7. Identifying Weak Points in Application Architecture
  Secure Versus Insecure Architecture Signals
  Multiple Layers of Security
  Adoption and Reinvention
  Summary

Chapter 8. Part I Summary

Part II. Offense

Chapter 9. Introduction to Hacking Web Applications
  The Hacker’s Mindset
  Applied Recon

Chapter 10. Cross-Site Scripting
  XSS Discovery and Exploitation
  Stored XSS
  Reflected XSS
  DOM-Based XSS
  Mutation-Based XSS
  Bypassing Filters
    Self-Closing HTML Tags
    Protocol-Relative URLs
    Malformed Tags
    Encoding Escapes
    Polyglot Payloads
  XSS Sinks and Sources
  Summary

Chapter 11. Cross-Site Request Forgery
  Query Parameter Tampering
  Alternate GET Payloads
  CSRF Against POST Endpoints
  Bypassing CSRF Defenses
    Header Validation
    Token Pools
    Weak Tokens
    Content Types
    Regex Filter Bypasses
    Iframe Payloads
    AJAX Payloads
    Zero Interaction Forms
  Summary

Chapter 12. XML External Entity
  XXE Fundamentals
  Direct XXE
  Indirect XXE
  Out-of-Band Data Exfiltration
  Account Takeover Workflow
    Obtaining System User Data
    Obtaining Password Hashes
    Cracking Password Hashes
    SSH Remote Login
  Summary

Chapter 13. Injection
  SQL Injection
  Code Injection
  Command Injection
  Injection Data Exfiltration Techniques
    Data Exfiltration Fundamentals
    In-Band Data Exfiltration
    Out-of-Band Data Exfiltration
    Inferential Data Exfiltration
  Bypassing Common Defenses
  Summary

Chapter 14. Denial of Service
  Regex DoS
  Logical DoS Vulnerabilities
  Distributed DoS
  Advanced DoS
    YoYo Attacks
    Compression Attacks
    Proxy-Based DoS
  Summary

Chapter 15. Attacking Data and Objects
  Mass Assignment
  Insecure Direct Object Reference
  Serialization Attacks
    Web Serialization Explained
    Attacking Weak Serialization
  Summary

Chapter 16. Client-Side Attacks
  Methods of Attacking a Browser Client
    Client-Targeted Attacks
    Client-Specific Attacks
  Advantages of Client-Side Attacks
  Prototype Pollution Attacks
    Understanding Prototype Pollution
    Attacking with Prototype Pollution
    Prototype Pollution Archetypes
  Clickjacking Attacks
    Camera and Microphone Exploit
    Creating Clickjacking Exploits
  Tabnabbing and Reverse Tabnabbing
    Traditional Tabnabbing
    Reverse Tabnabbing
  Summary

Chapter 17. Exploiting Third-Party Dependencies
  Methods of Integration
    Branches and Forks
    Self-Hosted Application Integrations
    Source Code Integration
  Package Managers
    JavaScript
    Java
    Other Languages
  Common Vulnerabilities and Exposures Database
  Summary

Chapter 18. Business Logic Vulnerabilities
  Custom Math Vulnerabilities
  Programmed Side Effects
  Quasi-Cash Attacks
  Vulnerable Standards and Conventions
  Exploiting Business Logic Vulnerabilities
  Summary

Chapter 19. Part II Summary

Part III. Defense

Chapter 20. Securing Modern Web Applications
  Defensive Software Architecture
  Comprehensive Code Reviews
  Vulnerability Discovery
  Vulnerability Analysis
  Vulnerability Management
  Regression Testing
  Mitigation Strategies
  Applied Recon and Offense Techniques
  Summary

Chapter 21. Secure Application Architecture
  Analyzing Feature Requirements
  Authentication and Authorization
    Secure Sockets Layer and Transport Layer Security
    Secure Credentials
    Hashing Credentials
    MFA
  PII and Financial Data
  Search Engines
  Zero Trust Architecture
    The History of Zero Trust
    Implicit Versus Explicit Trust
    Authentication and Authorization
  Summary

Chapter 22. Secure Application Configuration
  Content Security Policy
    Implementing CSP
    CSP Structure
    Important Directives
    CSP Sources and Source Lists
    Strict CSP
    Example Secure CSP Policy
  Cross-Origin Resource Sharing
    Types of CORS Requests
    Simple CORS Requests
    Preflighted CORS Requests
    Implementing CORS
  Headers
    Strict Transport Security
    Cross-Origin-Opener Policy (COOP)
    Cross-Origin-Resource-Policy (CORP)
    Headers with Security Implications
    Legacy Security Headers
  Cookies
    Creating and Securing Cookies
    Testing Cookies
  Framing and Sandboxing
    Traditional Iframe
    Web Workers
    Subresource Integrity
    Shadow Realms
  Summary

Chapter 23. Secure User Experience
  Information Disclosures and Enumeration
    Information Disclosures
    Enumeration
  Secure User Experience Best Practices
  Summary

Chapter 24. Threat Modeling Applications
  Designing an Effective Threat Model
  Threat Modeling by Example
    Logic Design
    Technical Design
    Threat Identification (Threat Actors)
    Threat Identification (Attack Vectors)
    Identifying Mitigations
    Delta Identification
  Summary

Chapter 25. Reviewing Code for Security
  How to Start a Code Review
  Archetypical Vulnerabilities Versus Business Logic Vulnerabilities
  Where to Start a Security Review
  Secure-Coding Anti-Patterns
    Blocklists
    Boilerplate Code
    Trust-by-Default
    Client/Server Separation
  Summary

Chapter 26. Vulnerability Discovery
  Security Automation
    Static Analysis
    Dynamic Analysis
    Vulnerability Regression Testing
  Responsible Disclosure Programs
  Bug Bounty Programs
  Third-Party Penetration Testing
  Summary

Chapter 27. Vulnerability Management
  Reproducing Vulnerabilities
  Ranking Vulnerability Severity
  Common Vulnerability Scoring System
    CVSS: Base Scoring
    CVSS: Temporal Scoring
    CVSS: Environmental Scoring
  Advanced Vulnerability Scoring
  Beyond Triage and Scoring
  Summary

Chapter 28. Defending Against XSS Attacks
  Anti-XSS Coding Best Practices
  Sanitizing User Input
    DOMParser Sink
    SVG Sink
    Blob Sink
    Sanitizing Hyperlinks
    HTML Entity Encoding
  CSS XSS
  Content Security Policy for XSS Prevention
    Script Source
    Unsafe Eval and Unsafe Inline
    Implementing a CSP
  Summary

Chapter 29. Defending Against CSRF Attacks
  Header Verification
  CSRF Tokens
  Anti-CSRF Coding Best Practices
    Stateless GET Requests
    Application-Wide CSRF Mitigation
  Summary

Chapter 30. Defending Against XXE
  Evaluating Other Data Formats
  Advanced XXE Risks
  Summary

Chapter 31. Defending Against Injection
  Mitigating SQL Injection
    Detecting SQL Injection
    Prepared Statements
    Database-Specific Defenses
  Generic Injection Defenses
    Potential Injection Targets
    Principle of Least Authority
    Allowlisting Commands
  Summary

Chapter 32. Defending Against DoS
  Protecting Against Regex DoS
  Protecting Against Logical DoS
  Protecting Against DDoS
  Summary

Chapter 33. Defending Data and Objects
  Defending Against Mass Assignment
    Validation and Allowlisting
    Data Transfer Objects
  Defending Against IDOR
  Defending Against Serialization Attacks
  Summary

Chapter 34. Defense Against Client-Side Attacks
  Defending Against Prototype Pollution
    Key Sanitization
    Prototype Freezing
    Null Prototypes
  Defending Against Clickjacking
    Frame Ancestors
    Framebusting
  Defending Against Tabnabbing
    Cross-Origin-Opener Policy
    Link Blockers
    Isolation Policies
  Summary

Chapter 35. Securing Third-Party Dependencies
  Evaluating Dependency Trees
    Modeling a Dependency Tree
    Dependency Trees in the Real World
    Automated Evaluation
  Secure Integration Techniques
    Separation of Concerns
    Secure Package Management
  Summary

Chapter 36. Mitigating Business Logic Vulnerabilities
  Architecture-Level Mitigations
  Statistical Modeling
    Modeling Inputs
    Modeling Actions
    Model Development
    Model Analysis
  Summary

Chapter 37. Part III Summary

Conclusion
  The History of Software Security
  Recon
  Offense
  Defense
  More to Learn

Index
About the Author
Colophon