Document: Hacking Exposed Web Applications, 3rd Edition (ppt)


Document information

www.it-ebooks.info

Praise for Hacking Exposed™ Web Applications: Web Application Security Secrets and Solutions, Third Edition

“Whether you are a business leader attempting to understand the threat space for your business, or an engineer tasked with writing the code for those sites, or a security engineer attempting to identify and mitigate the threats to your applications, this book will be an invaluable weapon in your arsenal.”
—From the Foreword by Chris Peterson, Senior Director of Application Security, Zynga Game Network; Former Director of Security Assurance, Microsoft Corporation

“I cut my teeth reading Joel’s work, and this book is no disappointment. People often ask where to find high-quality content that will help them gain a foothold in this daunting industry. This is the kind of desk reference every web application security practitioner needs. It will certainly hold a place of prominence in my personal library.”
—Robert “RSnake” Hansen, CEO SecTheory and founder of ha.ckers.org

“An eye-opening resource for realizing the realities of today’s web application security landscape, this book explores the latest vulnerabilities as well as exploitation techniques and tradecraft being deployed against those vulnerabilities. This book is a valuable read for both the aspiring engineer who is looking for the first foray into the world of web application security and the seasoned application-security, penetration-testing expert who wants to keep abreast of current techniques.”
—Chad Greene, Director, eBay Global Information Security

“As our businesses push more of their information and commerce to their customers through web applications, the confidentiality and integrity of these transactions is our fundamental, if not mandatory, responsibility. Hacking Exposed Web Applications provides a comprehensive blueprint for application developers and security professionals charged with living up to this responsibility. The authors’ research, insight, and 30+ years as information security experts make this an invaluable resource in the application and information protection toolkit. Great Stuff!”
—Ken Swanson, CISM, IS Business Solution Manager, regionally based P&C insurance company

“This book is so much more than the authoritative primer on web application security; it’s also an opportunity to accompany the foremost industry experts in an apprenticeship that even seasoned professionals will enjoy.”
—Andrew Stravitz, CISSP, Director of Information Security, Barnes & Noble.com

“A very timely reference, as cloud computing continues to expand into the enterprise and web security emerges as the new battleground for attackers and defenders alike. This comprehensive text is the definitive starting point for understanding the contemporary landscape of threats and mitigations to web applications. Particularly notable for its extensive treatment of identity management, marking the first time that challenges around authentication have been surveyed in-depth and presented in such an accessible fashion.”
—Cem Paya, Google Security Team

HACKING EXPOSED™ WEB APPLICATIONS: WEB APPLICATION SECURITY SECRETS AND SOLUTIONS, THIRD EDITION
JOEL SCAMBRAY, VINCENT LIU, CALEB SIMA
New York, Chicago, San Francisco, Lisbon, London, Madrid, Mexico City, Milan, New Delhi, San Juan, Seoul, Singapore, Sydney, Toronto

Copyright © 2011 by Joel Scambray. All rights reserved. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher.

ISBN: 978-0-07-174042-5; MHID: 0-07-174042-2. The material in this eBook also appears in the print version of this title: ISBN: 978-0-07-174064-7, MHID: 0-07-174064-3.

All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps.

McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. To contact a representative please e-mail us at bulksales@mcgraw-hill.com.

Trademarks: McGraw-Hill, the McGraw-Hill Publishing logo, Hacking Exposed™, and related trade dress are trademarks or registered trademarks of The McGraw-Hill Companies and/or its affiliates in the United States and other countries and may not be used without written permission. All other trademarks are the property of their respective owners. The McGraw-Hill Companies is not associated with any product or vendor mentioned in this book.

Information has been obtained by McGraw-Hill from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill, or others, McGraw-Hill does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.

TERMS OF USE

This is a copyrighted work and The McGraw-Hill Companies, Inc. (“McGraw-Hill”) and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms.

THE WORK IS PROVIDED “AS IS.” McGRAW-HILL AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise.
Stop Hackers in Their Tracks

Hacking Exposed, 6th Edition
Hacking Exposed Malware & Rootkits
Hacking Exposed Computer Forensics, 2nd Edition
24 Deadly Sins of Software Security
Gray Hat Hacking, 2nd Edition
Hacking Exposed Wireless
Hacking Exposed VoIP
IT Auditing: Using Controls to Protect Information Assets
Hacking Exposed Linux, 3rd Edition
Hacking Exposed Windows, 3rd Edition
Hacking Exposed Web 2.0
Hacking Exposed: Web Applications, 2nd Edition

To Jane, thanks for getting Hacking Exposed off the ground and sustaining it for so many years. —Joel

To Heather, for keeping me laughing and smiling through it all. —Vinnie

To my Mom and Dad (thanks for putting up with me), my brothers Jonathon, RJ, and Andrew, and my sister Emily. Finally, to all the people of SPI who changed my life and helped build a great company. —Caleb

ABOUT THE AUTHORS

Joel Scambray

Joel Scambray is co-founder and CEO of Consciere, provider of strategic security advisory services. He has assisted companies ranging from newly minted startups to members of the Fortune 50 to address information security challenges and opportunities for over a dozen years. Joel’s background includes roles as an executive, technical consultant, and entrepreneur. He has been a Senior Director at Microsoft Corporation, where he led Microsoft’s online services security efforts for three years before joining the Windows platform and services division to focus on security technology architecture. Joel also co-founded security software and services startup Foundstone, Inc., and helped lead it to acquisition by McAfee for $86M. He previously held positions as a manager for Ernst & Young, a security columnist for Microsoft TechNet, Editor at Large for InfoWorld Magazine, and director of IT for a major commercial real-estate firm.

Joel is widely recognized as co-author of Hacking Exposed: Network Security Secrets and Solutions, the international best-selling computer security book that first appeared in 1999. He is also lead author of the Hacking Exposed Windows and Hacking Exposed Web Applications series. He has spoken widely on information security at forums including Black Hat, I-4, INTERFACE, and The Asia Europe Meeting (ASEM), as well as organizations including IANS, CERT, The Computer Security Institute (CSI), ISSA, ISACA, SANS, private corporations, and government agencies such as the Korean Information Security Agency (KISA), FBI, and the RCMP. Joel holds a BS from the University of California at Davis, an MA from UCLA, and he is a Certified Information Systems Security Professional (CISSP).

Vincent Liu

Vincent Liu, CISSP, is a Managing Partner at Stach & Liu. Before founding Stach & Liu, Vincent led the Attack & Penetration and Reverse Engineering teams for the Global Security unit at Honeywell International. Prior to that, he was a consultant with the Ernst & Young Advanced Security Centers and an analyst at the National Security Agency. Vincent is a sought-after speaker and has presented his research at conferences, including Black Hat, ToorCon, and Microsoft BlueHat. Vincent holds a Bachelor of Science and Engineering from the University of Pennsylvania with a major in Computer Science and Engineering and a minor in Psychology.

Caleb Sima

Caleb Sima is the CEO of Armorize Technologies, the Santa Clara–based provider of integrated Web application security solutions. He previously founded SPI Dynamics in 2000 and, as CTO, oversaw the development of WebInspect, a solution that set the bar in Web application security testing tools. When Hewlett-Packard (HP) acquired SPI Dynamics in 2007, Sima took on the role of Chief Technologist at HP’s Application Security Center, where he directed the company’s security solutions’ lifecycles and spearheaded development of its cloud-based security service. In this role, he also managed a team of accomplished security experts who successfully identified new security threats and devised advanced countermeasures. Prior to co-founding SPI Dynamics, Caleb worked for Internet Security Systems’ elite X-Force research and development team where he drove enterprise security assessments for the company. A thought leader and technical visionary in the web application security field, Sima holds five patents on web security technology and has co-authored textbooks on the subject, is a frequent media contributor, and regularly speaks at key industry conferences such as RSA and Black Hat. He is a member of ISSA and is one of the founding visionaries of the Application Vulnerability Description Language (AVDL) standard within OASIS, as well as a founding member of the Web Application Security Consortium (WASC).

ABOUT THE CONTRIBUTING AUTHORS

Hernan Ochoa is a security consultant and researcher with over 14 years of professional experience. Hernan began his professional career in 1996 with the creation of Virus Sentinel, a signature-based file/memory/mbr/boot sector detection/removal antivirus application with heuristics to detect polymorphic viruses. Hernan also developed a detailed technical virus information database and companion newsletter. He joined Core Security Technologies in 1999 and worked there for 10 years in various roles, including security consultant and exploit writer. As an exploit writer, he performed diverse types of security assessments, developed methodologies, shellcode, and security tools, and contributed new attack vectors. He also designed and developed several low-level/kernel components for a multi-OS security system that was ultimately deployed at a financial institution, and he served as “technical lead” for ongoing development and support of the multi-OS system. Hernan has published a number of security tools, including Universal Hooker (runtime instrumentation using dynamic handling routines written in Python), Pass-The-Hash Toolkit for Windows, and WifiZoo. He is currently working as a security consultant/researcher at Amplia Security, performing network, wireless, and web applications penetration tests; standalone/client-server application black-box assessments; source code audits; reverse engineering; vulnerability analysis; and other information security–related services.

Justin Hays is a Senior Security Associate at Stach & Liu. Before joining Stach & Liu, Justin served as an enterprise support engineer for PTC Japan where his responsibilities included application debugging, reverse engineering, and mitigating software defects in PTC’s flagship Windchill enterprise server J2EE software. Prior to PTC, Justin held a software development position with Lexmark, Inc., where he designed and implemented web application software in support of internal IT operations. Justin holds a BS from the University of Kentucky with a major in Computer Science and a minor in Mathematics.

Carl Livitt is a Managing Security Associate at Stach & Liu. Prior to joining Stach & Liu, Carl led the network security services group for a well-respected UK security company and provided network security consultancy for several of the largest pharmaceutical companies in the world. Carl has also worked with UK police counterterrorism units, lecturing on technological security issues to specialist law-enforcement agencies.

Rob Ragan is a Senior Security Associate at Stach & Liu.
Before joining Stach & Liu, Rob served as a software engineer at Hewlett-Packard’s Application Security Center, where he developed web application security testing tools and conducted application penetration testing. Rob actively conducts web application security research and has presented at Black Hat, Defcon, InfoSec World, and Outerz0ne. Rob holds a BS from Pennsylvania State University with a major in Information Sciences and Technology and a focus on System Development.

About the Technical Editor

Robert Hensing is a Senior Consultant at Microsoft, where he has worked in various security roles for over 12 years. Robert previously worked with the Microsoft Security Response Center with a focus on providing root cause analysis and identifying mitigations and workarounds for security vulnerabilities to help protect customers from attacks. Prior to working on the MSRC Engineering team, Robert was a senior member of the Customer Support Services Security team, where he helped customers with incident response–related investigations. Robert was also a contributing author on Hacking Exposed Windows: Windows Security Secrets and Solutions, Third Edition.

Preview excerpts (the preview omits text where “...” appears):

  • GUI Web Hacking: “... Many people are under the impression that web hacking is geeky technical work best left to younger types who inhabit dark rooms and drink lots of Mountain Dew. Thanks to the intuitive graphical user interface (GUI, or “gooey”) of web applications, this is not necessarily so. Here’s how easy web hacking can be. In Chapter 6, we’ll discuss one of the most devastating classes of web app...”

  • Chapter 1, Hacking Web Apps 101: “This chapter provides a brief overview of the “who, what, when, where, how, and why” of web application hacking. It’s designed to set the stage for the subsequent chapters of the book, which will delve much more deeply into the details of web application attacks and countermeasures. We’ll also introduce the basic web application hacking toolset, since...”

  • Introduction: “... most rudimentary web site, you know this is a daunting task. Faced with the security limitations of existing protocols like HTTP, as well as the ever-accelerating pace of technological change, including XML Web Services, AJAX, RSS, mobile applications, and user-generated content, the act of designing and implementing a secure web application...”

  • Introduction: “... one aspect of the Hacking Exposed Web Application attack methodology. This structure forms the backbone of this book, for without a methodology, this would be nothing but a heap of information without context or meaning. It is the map by which we will chart our progress throughout the book. Chapter 1: Hacking Web Apps 101. In this chapter, we take a broad overview of web application hacking tools and techniques...”

  • Introduction: “... book. That site address is http://www.webhackingexposed.com. It also provides a forum to talk directly with the authors via e-mail: joel@webhackingexposed.com. We hope that you return to the site frequently as you read through these chapters to view any updated materials, gain easy access to the tools that we mentioned, and otherwise keep up with the ever-changing face of web security. Otherwise, you never...”

  • URI Hacking: “... a web browser) simply requests these resources, and the server responds. We’ve all seen this performed a million times by our favorite web browser, so we won’t belabor the point. Here are some concrete examples:
    http://server/file.html
    http://server/folder/application?parameter1=value1&parameter2=value2
    http://www.webhackingexposed.com/secret/search.php?input=foo&user=joel
    As we noted earlier, web hacking...”

  • “... graphically in the upcoming section on “how” web applications are attacked.”

  • Resources: “Typically, the ultimate goal of the attacker is to gain unauthorized access to web application resources. What kinds of resources do web applications hold? Although they can have many layers (often called “tiers”), most web applications have three: presentation, ...”

Posted: 21/02/2014, 15:20


Table of Contents

  • Contents

  • Foreword

  • Acknowledgments

  • Introduction

  • 1 Hacking Web Apps 101

    • What Is Web Application Hacking?

      • GUI Web Hacking

      • URI Hacking

      • Methods, Headers, and Body

      • Resources

      • Authentication, Sessions, and Authorization

      • The Web Client and HTML

      • Other Protocols

    • Why Attack Web Applications?

    • Who, When, and Where?

      • Weak Spots

    • How Are Web Apps Attacked?

      • The Web Browser

      • Browser Extensions

      • HTTP Proxies

      • Command-line Tools

      • Older Tools

    • Summary

    • References & Further Reading

  • 2 Profiling

    • Infrastructure Profiling

      • Footprinting and Scanning: Defining Scope

      • Basic Banner Grabbing

      • Advanced HTTP Fingerprinting

      • Infrastructure Intermediaries

    • Application Profiling

      • Manual Inspection

      • Search Tools for Profiling

      • Automated Web Crawling

      • Common Web Application Profiles

    • General Countermeasures

      • A Cautionary Note

      • Protecting Directories

      • Protecting include Files

      • Miscellaneous Tips

    • Summary

    • References & Further Reading

  • 3 Hacking Web Platforms

    • Point-and-Click Exploitation Using Metasploit

    • Manual Exploitation

    • Evading Detection

    • Web Platform Security Best Practices

      • Common Best Practices

      • IIS Hardening

      • Apache Hardening

      • PHP Best Practices

    • Summary

    • References & Further Reading

  • 4 Attacking Web Authentication

    • Web Authentication Threats

      • Username/Password Threats

      • Strong(er) Web Authentication

      • Web Authentication Services

    • Bypassing Authentication

      • Token Replay

      • Cross-site Request Forgery

      • Identity Management

      • Client-side Piggybacking

    • Some Final Thoughts: Identity Theft

    • Summary

    • References & Further Reading

  • 5 Attacking Web Authorization

    • Fingerprinting Authz

      • Crawling ACLs

      • Identifying Access Tokens

      • Analyzing Session Tokens

      • Differential Analysis

      • Role Matrix

    • Attacking ACLS

    • Attacking Tokens

      • Manual Prediction

      • Automated Prediction

      • Capture/Replay

      • Session Fixation

    • Authorization Attack Case Studies

      • Horizontal Privilege Escalation

      • Vertical Privilege Escalation

      • Differential Analysis

      • When Encryption Fails

      • Using cURL to Map Permissions

    • Authorization Best Practices

      • Web ACL Best Practices

      • Web Authorization/Session Token Security

      • Security Logs

    • Summary

    • References & Further Reading

  • 6 Input Injection Attacks

    • Expect the Unexpected

    • Where to Find Attack Vectors

    • Bypass Client-Side Validation Routines

    • Common Input Injection Attacks

      • Buffer Overflow

      • Canonicalization (dot-dot-slash)

      • HTML Injection

      • Boundary Checks

      • Manipulate Application Behavior

      • SQL Injection

      • XPATH Injection

      • LDAP Injection

      • Custom Parameter Injection

      • Log Injection

      • Command Execution

      • Encoding Abuse

      • PHP Global Variables

      • Common Side-effects

    • Common Countermeasures

    • Summary

    • References & Further Reading

  • 7 Attacking XML Web Services

    • What Is a Web Service?

      • Transport: SOAP over HTTP(S)

      • WSDL

      • Directory Services: UDDI and DISCO

      • Similarities to Web Application Security

    • Attacking Web Services

    • Web Service Security Basics

    • Summary

    • References & Further Reading

  • 8 Attacking Web Application Management

    • Remote Server Management

      • Telnet

      • SSH

      • Proprietary Management Ports

      • Other Administration Services

    • Web Content Management

      • FTP

      • SSH/scp

      • FrontPage

      • WebDAV

    • Misconfigurations

      • Unnecessary Web Server Extensions

      • Information Leakage Misconfigurations

      • State Management Misconfiguration

    • Summary

    • References & Further Reading

  • 9 Hacking Web Clients

    • Exploits

      • Web Client Implementation Vulnerabilities

    • Trickery

    • General Countermeasures

      • Low-privilege Browsing

      • Firefox Security Extensions

      • ActiveX Countermeasures

      • Server-side Countermeasures

    • Summary

    • References & Further Reading

  • 10 The Enterprise Web Application Security Program

    • Threat Modeling

      • Clarify Security Objectives

      • Identify Assets

      • Architecture Overview

      • Decompose the Application

      • Identify and Document Threats

      • Rank the Threats

      • Develop Threat Mitigation Strategies

    • Code Review

      • Manual Source Code Review

      • Automated Source Code Review

      • Binary Analysis

    • Security Testing of Web App Code

      • Fuzzing

      • Test Tools, Utilities, and Harnesses

      • Pen-testing

    • Security in the Web Development Process

      • People

      • Process

      • Technology

    • Summary

    • References & Further Reading

  • A: Web Application Security Checklist

  • B: Web Hacking Tools and Techniques Cribsheet

  • Index

    • A

    • B

    • C

    • D

    • E

    • F

    • G

    • H

    • I

    • J

    • K

    • L

    • M

    • N

    • O

    • P

    • Q

    • R

    • S

    • T

    • U

    • V

    • W

    • X

    • Y

    • Z
