Testing Web Security: Assessing the Security of Web Sites and Applications [1 ed.] 0471232815, 9780471232810, 9780471447832

* Covers security basics and guides the reader through the process of testing a Web site.
* Explains how to analyze results.


Language: English. Pages: 297. Year: 2002.


Table of contents :
Cover......Page 2
Foreword......Page 5
Preface......Page 6
Part I: An Introduction to the Book......Page 8
The Goals of This Book......Page 9
The Approach of This Book......Page 10
How This Book Is Organized......Page 11
Terminology Used in This Book......Page 12
Who Should Read This Book?......Page 15
Summary......Page 16
Part II: Planning the Testing Effort......Page 17
Requirements......Page 18
The Anatomy of a Test Plan......Page 20
Master Test Plan (MTP)......Page 41
Summary......Page 42
Part III: Test Design......Page 45
Overview......Page 46
Scoping Approach......Page 47
Scoping Examples......Page 48
Device Inventory......Page 51
Network Topology......Page 54
Validating Network Design......Page 56
Verifying Device Inventory......Page 58
Verifying Network Topology......Page 63
Supplemental Network Security......Page 66
Summary......Page 74
Security Certifications......Page 75
Patching......Page 76
Hardening......Page 79
Masking......Page 80
Services......Page 83
Directories and Files......Page 88
UserIDs and Passwords......Page 91
User Groups......Page 96
Summary......Page 97
Client Identification and Authentication......Page 99
User Permissions......Page 106
Testing for Illicit Navigation......Page 108
Client-Side Data......Page 110
Secure Client Transmissions......Page 113
Mobile Application Code......Page 117
Client Security......Page 124
Summary......Page 129
Common Gateway Interface (CGI)......Page 130
Third-Party CGI Scripts......Page 135
Server Side Includes (SSIs)......Page 137
Dynamic Code......Page 140
Application Code......Page 143
Input Data......Page 145
Server-Side Data......Page 157
Application-Level Intruder Detection......Page 162
Summary......Page 163
Combating Social Engineers......Page 164
Thwarting Dumpster Divers......Page 167
Defending against Inside Accomplices......Page 169
Preventing Physical Attacks......Page 172
Summary......Page 178
Intruder Confusion......Page 179
Intrusion Detection......Page 183
Intrusion Response......Page 194
Part IV: Test Implementation......Page 202
Staffing Options......Page 203
Tools for Testing......Page 212
Summary......Page 220
Recycling......Page 221
Test Priority......Page 225
Summary......Page 245
Epilogue......Page 246
Part V: Appendixes......Page 247
Network Protocols......Page 248
Network Addresses......Page 252
Network Devices......Page 254
Firewalls......Page 257
Appendix B: SANS Institute Top 20 Critical Internet Security Vulnerabilities......Page 263
Template Test Status/Summary Report......Page 265
Template Test Incident Report......Page 266
Template Test Log......Page 267
Additional Resources......Page 270
