Web Application Security: Exploitation and Countermeasures for Modern Web Applications [1 ed.]
ISBN 9781492053118, 9781492087960
While many resources for network and IT security are available, detailed knowledge regarding modern web application secu
English
Pages 330
Year 2020
Table of contents:
Cover
NGINX
Copyright
Table of Contents
Foreword
Preface
Prerequisite Knowledge and Learning Goals
Suggested Background
Minimum Required Skills
Who Benefits Most from Reading This Book?
Software Engineers and Web Application Developers
General Learning Goals
Security Engineers, Pen Testers, and Bug Bounty Hunters
How Is This Book Organized?
Recon
Offense
Defense
Language and Terminology
Summary
Conventions Used in This Book
O’Reilly Online Learning
How to Contact Us
Chapter 1. The History of Software Security
The Origins of Hacking
The Enigma Machine, Circa 1930
Automated Enigma Code Cracking, Circa 1940
Introducing the “Bombe”
Telephone “Phreaking,” Circa 1950
Anti-Phreaking Technology, Circa 1960
The Origins of Computer Hacking, Circa 1980
The Rise of the World Wide Web, Circa 2000
Hackers in the Modern Era, Circa 2015+
Summary
Part I. Recon
Chapter 2. Introduction to Web Application Reconnaissance
Information Gathering
Web Application Mapping
Summary
Chapter 3. The Structure of a Modern Web Application
Modern Versus Legacy Web Applications
REST APIs
JavaScript Object Notation
JavaScript
Variables and Scope
Functions
Context
Prototypal Inheritance
Asynchrony
Browser DOM
SPA Frameworks
Authentication and Authorization Systems
Authentication
Authorization
Web Servers
Server-Side Databases
Client-Side Data Stores
Summary
Chapter 4. Finding Subdomains
Multiple Applications per Domain
The Browser’s Built-In Network Analysis Tools
Taking Advantage of Public Records
Search Engine Caches
Accidental Archives
Social Snapshots
Zone Transfer Attacks
Brute Forcing Subdomains
Dictionary Attacks
Summary
Chapter 5. API Analysis
Endpoint Discovery
Authentication Mechanisms
Endpoint Shapes
Common Shapes
Application-Specific Shapes
Summary
Chapter 6. Identifying Third-Party Dependencies
Detecting Client-Side Frameworks
Detecting SPA Frameworks
Detecting JavaScript Libraries
Detecting CSS Libraries
Detecting Server-Side Frameworks
Header Detection
Default Error Messages and 404 Pages
Database Detection
Summary
Chapter 7. Identifying Weak Points in Application Architecture
Secure Versus Insecure Architecture Signals
Multiple Layers of Security
Adoption and Reinvention
Summary
Chapter 8. Part I Summary
Part II. Offense
Chapter 9. Introduction to Hacking Web Applications
The Hacker’s Mindset
Applied Recon
Chapter 10. Cross-Site Scripting (XSS)
XSS Discovery and Exploitation
Stored XSS
Reflected XSS
DOM-Based XSS
Mutation-Based XSS
Summary
Chapter 11. Cross-Site Request Forgery (CSRF)
Query Parameter Tampering
Alternate GET Payloads
CSRF Against POST Endpoints
Summary
Chapter 12. XML External Entity (XXE)
Direct XXE
Indirect XXE
Summary
Chapter 13. Injection
SQL Injection
Code Injection
Command Injection
Summary
Chapter 14. Denial of Service (DoS)
Regex DoS (ReDoS)
Logical DoS Vulnerabilities
Distributed DoS
Summary
Chapter 15. Exploiting Third-Party Dependencies
Methods of Integration
Branches and Forks
Self-Hosted Application Integrations
Source Code Integration
Package Managers
JavaScript
Java
Other Languages
Common Vulnerabilities and Exposures Database
Summary
Chapter 16. Part II Summary
Part III. Defense
Chapter 17. Securing Modern Web Applications
Defensive Software Architecture
Comprehensive Code Reviews
Vulnerability Discovery
Vulnerability Analysis
Vulnerability Management
Regression Testing
Mitigation Strategies
Applied Recon and Offense Techniques
Chapter 18. Secure Application Architecture
Analyzing Feature Requirements
Authentication and Authorization
Secure Sockets Layer and Transport Layer Security
Secure Credentials
Hashing Credentials
2FA
PII and Financial Data
Searching
Summary
Chapter 19. Reviewing Code for Security
How to Start a Code Review
Archetypical Vulnerabilities Versus Custom Logic Bugs
Where to Start a Security Review
Secure-Coding Anti-Patterns
Blacklists
Boilerplate Code
Trust-By-Default Anti-Pattern
Client/Server Separation
Summary
Chapter 20. Vulnerability Discovery
Security Automation
Static Analysis
Dynamic Analysis
Vulnerability Regression Testing
Responsible Disclosure Programs
Bug Bounty Programs
Third-Party Penetration Testing
Summary
Chapter 21. Vulnerability Management
Reproducing Vulnerabilities
Ranking Vulnerability Severity
Common Vulnerability Scoring System
CVSS: Base Scoring
CVSS: Temporal Scoring
CVSS: Environmental Scoring
Advanced Vulnerability Scoring
Beyond Triage and Scoring
Summary
Chapter 22. Defending Against XSS Attacks
Anti-XSS Coding Best Practices
Sanitizing User Input
DOMParser Sink
SVG Sink
Blob Sink
Sanitizing Hyperlinks
HTML Entity Encoding
CSS
Content Security Policy for XSS Prevention
Script Source
Unsafe Eval and Unsafe Inline
Implementing a CSP
Summary
Chapter 23. Defending Against CSRF Attacks
Header Verification
CSRF Tokens
Stateless CSRF Tokens
Anti-CSRF Coding Best Practices
Stateless GET Requests
Application-Wide CSRF Mitigation
Summary
Chapter 24. Defending Against XXE
Evaluating Other Data Formats
Advanced XXE Risks
Summary
Chapter 25. Defending Against Injection
Mitigating SQL Injection
Detecting SQL Injection
Prepared Statements
Database-Specific Defenses
Generic Injection Defenses
Potential Injection Targets
Principle of Least Authority
Whitelisting Commands
Summary
Chapter 26. Defending Against DoS
Protecting Against Regex DoS
Protecting Against Logical DoS
Protecting Against DDoS
DDoS Mitigation
Summary
Chapter 27. Securing Third-Party Dependencies
Evaluating Dependency Trees
Modeling a Dependency Tree
Dependency Trees in the Real World
Automated Evaluation
Secure Integration Techniques
Separation of Concerns
Secure Package Management
Summary
Chapter 28. Part III Summary
The History of Software Security
Web Application Reconnaissance
Offense
Defense
Chapter 29. Conclusion
Index
About the Author
Colophon