XSS Attacks: Cross Site Scripting Exploits and Defense

Ön Kapak
Syngress, 23 May 2007 - 448 sayfa
A cross site scripting attack is a very specific type of attack on a web application. It is used by hackers to mimic real sites and fool people into providing personal data.

XSS Attacks starts by defining the terms and laying out the ground work. It assumes that the reader is familiar with basic web programming (HTML) and JavaScript. First it discusses the concepts, methodology, and technology that makes XSS a valid concern. It then moves into the various types of XSS attacks, how they are implemented, used, and abused. After XSS is thoroughly explored, the next part provides examples of XSS malware and demonstrates real cases where XSS is a dangerous risk that exposes internet users to remote access, sensitive data theft, and monetary losses. Finally, the book closes by examining the ways developers can avoid XSS vulnerabilities in their web applications, and how users can avoid becoming a victim. The audience is web developers, security practitioners, and managers.

  • XSS Vulnerabilities exist in 8 out of 10 Web sites
  • The authors of this book are the undisputed industry leading authorities
  • Contains independent, bleeding edge research, code listings and exploits that can not be found anywhere else
 

Seçilmiş sayfalar

İçindekiler

Chapter 2 The XSS Discovery Toolkit
15
Chapter 3 XSS Theory
67
Chapter 4 XSS Attack Methods
163
Chapter 5 Advanced XSS Attack Vectors
191
Chapter 6 XSS Exploited
219
Chapter 7 Exploit Frameworks
293
Chapter 8 XSS Worms
375
Chapter 9 Preventing XSS Attacks
395
Appendix A The Owned List
409
Index
439
Telif Hakkı

Diğer baskılar - Tümünü görüntüle

XSS Attacks: Cross Site Scripting Exploits and Defense
Seth Fogie,Jeremiah Grossman,Robert Hansen,Anton Rager,Petko D. Petkov
Sınırlı önizleme - 2011
XSS Attacks: Cross-site Scripting Exploits and Defense

Önizleme Yok - 2007

Sık kullanılan terimler ve kelime öbekleri

admin AJAX attack vector AttackAPI Autorun backdoor bookmarklet Bookmarks Tools Help Browser Exploitation client configuration Console cookie create cross-site scripting CSRF Document DOM Inspector e-mail Edit View History encoding error example Figure File Edit View filter Firebug Firefox Extensions Firefox File Edit firewalls Flash function Go Bookmarks Tools Google Mail GreaseMonkey Hacking header hijack History Bookmarks Tools host IFRAME injected input inside Internet Explorer IP address JavaScript JSON load malicious malware MHTML module Mozilla Firefox File MySpace object Options parameter password payload phishing port Protocol Proxy QuickTime redirection request result router scan Search session string SYNGRESS target TinyURL user scripts victim victim's browser View History Bookmarks Warhol worm Web application Web server Windows worm www.syngress.com XMLHttpRequest XSS attacks XSS vulnerability XSS-Proxy zombie

Yazar hakkında (2007)

Jeremiah Grossman, founder and chief technology officer of WhiteHat Security, is a world-renowned expert in web application security and a founding member of the Web Application Security Consortium (WASC). At WhiteHat, Mr. Grossman is responsible for web application security R&D and industry evangelism. He is a frequent speaker at industry events including the Black Hat Briefings, ISACA, OWASP, NASA, ISSA and Defcon. A trusted media resource, Mr. Grossman has been featured in USA Today, the Washington Post, Information Week, NBC Nightly News, and many others. Prior to WhiteHat, Mr. Grossman was an information security officer at Yahoo!

Kaynakça bilgileri

BaşlıkXSS Attacks: Cross Site Scripting Exploits and Defense
YazarJeremiah Grossman
EditörJeremiah Grossman
Baskıresimli
YayıncıSyngress, 2007
ISBN1597491543, 9781597491549
Uzunluk448 sayfa
  
Alıntıyı Dışa AktarBiBTeX EndNote RefMan