Testing Web Security: Assessing the Security of Web Sites and Applications [1 ed.] 0471232815, 9780471232810, 9780471447832

* Covers security basics and guides reader through the process of testing a Web site. * Explains how to analyze results

239 61 2MB

English Pages 297 Year 2002

Report DMCA / Copyright

DOWNLOAD PDF FILE

Table of contents :
Cover......Page 2
Foreword......Page 5
Preface......Page 6
Part I: An Introduction to the Book......Page 8
The Goals of This Book......Page 9
The Approach of This Book......Page 10
How This Book Is Organized......Page 11
Terminology Used in This Book......Page 12
Who Should Read This Book?......Page 15
Summary......Page 16
Part II: Planning the Testing Effort......Page 17
Requirements......Page 18
The Anatomy of a Test Plan......Page 20
Master Test Plan (MTP)......Page 41
Summary......Page 42
Part III: Test Design......Page 45
Overview......Page 46
Scoping Approach......Page 47
Scoping Examples......Page 48
Device Inventory......Page 51
Network Topology......Page 54
Validating Network Design......Page 56
Verifying Device Inventory......Page 58
Verifying Network Topology......Page 63
Supplemental Network Security......Page 66
Summary......Page 74
Security Certifications......Page 75
Patching......Page 76
Hardening......Page 79
Masking......Page 80
Services......Page 83
Directories and Files......Page 88
UserIDs and Passwords......Page 91
User Groups......Page 96
Summary......Page 97
Client Identification and Authentication......Page 99
User Permissions......Page 106
Testing for Illicit Navigation......Page 108
Client- Side Data......Page 110
Secure Client Transmissions......Page 113
Mobile Application Code......Page 117
Client Security......Page 124
Summary......Page 129
Common Gateway Interface (CGI)......Page 130
Third- Party CGI Scripts......Page 135
Server Side Includes (SSIs)......Page 137
Dynamic Code......Page 140
Application Code......Page 143
Input Data......Page 145
Server- Side Data......Page 157
Application- Level Intruder Detection......Page 162
Summary......Page 163
Combating Social Engineers......Page 164
Twarting Dumpster Divers......Page 167
Defending against Inside Accomplices......Page 169
Preventing Physical Attacks......Page 172
Summary......Page 178
Intruder Confusion......Page 179
Intrusion Detection......Page 183
Intrusion Response......Page 194
Part IV: Test Implementation......Page 202
Staffing Options......Page 203
Tools for Testing......Page 212
Summary......Page 220
Recycling......Page 221
Test Priority......Page 225
Summary......Page 245
Epilogue......Page 246
Part V: Appendixes......Page 247
Network Protocols......Page 248
Network Addresses......Page 252
Network Devices......Page 254
Firewalls......Page 257
Appendix B: SANS Institute Top 20 Critical Internet Security Vulnerabilities......Page 263
Template Test Status/ Summary Report......Page 265
Template Test Incident Report......Page 266
Template Test Log......Page 267
Additional Resources......Page 270

Testing Web Security: Assessing the Security of Web Sites and Applications [1 ed.]
 0471232815, 9780471232810, 9780471447832

  • 0 0 0
  • Like this paper and download? You can publish your own PDF file online for free in a few minutes! Sign Up
File loading please wait...
Recommend Papers