XSS Attacks: Cross Site Scripting Exploits and DefenseElsevier, 18 Nis 2011 - 480 sayfa A cross site scripting attack is a very specific type of attack on a web application. It is used by hackers to mimic real sites and fool people into providing personal data. XSS Attacks starts by defining the terms and laying out the ground work. It assumes that the reader is familiar with basic web programming (HTML) and JavaScript. First it discusses the concepts, methodology, and technology that makes XSS a valid concern. It then moves into the various types of XSS attacks, how they are implemented, used, and abused. After XSS is thoroughly explored, the next part provides examples of XSS malware and demonstrates real cases where XSS is a dangerous risk that exposes internet users to remote access, sensitive data theft, and monetary losses. Finally, the book closes by examining the ways developers can avoid XSS vulnerabilities in their web applications, and how users can avoid becoming a victim. The audience is web developers, security practitioners, and managers.
|
İçindekiler
15 | |
Chapter 3 XSS Theory | 67 |
Chapter 4 XSS Attack Methods | 163 |
Chapter 5 Advanced XSS Attack Vectors | 191 |
Chapter 6 XSS Exploited | 219 |
Chapter 7 Exploit Frameworks | 293 |
Chapter 8 XSS Worms | 375 |
Chapter 9 Preventing XSS Attacks | 395 |
Appendix A The Owned List | 409 |
439 | |
Diğer baskılar - Tümünü görüntüle
Sık kullanılan terimler ve kelime öbekleri
AJAX attack server attack vector AttackAPI autorun backdoor bookmarklet characters client command cookie create cross-site scripting CSRF developers document DOM Inspector DOM-based e-mail encoding error example field Figure file filter find fire Firebug Firefox Firefox Extensions first Flash function Google GreaseMonkey Hacking header hijack host IFRAME injected input inside installed Internet Intranet IP address javaScript JavaScript malware JSON load look malicious malware MHTML module MySpace object output parameter password payload perform phishing port port scanning Protocol QuickTime redirection remote request result router Samy scan session specific steal string Syngress target testing TinyURL tool user scripts victim victim’s browser Warhol worm Web application Web server window worm XMLHttpRequest XSS attacks XSS Exploit XSS vulnerability XSS-Proxy zombie