Web Application Security, 2nd Edition / Безопасность веб-приложений, 2-е издание
Year of publication: 2024
Author: Hoffman Andrew / Хоффман Эндрю
Publisher: O’Reilly Media, Inc.
ISBN: 978-1-098-14393-0
Language: English
Format: PDF
Quality: Publisher's layout or text (eBook)
Number of pages: 444

Description:
In the first edition of this critically acclaimed book, Andrew Hoffman defined the three pillars of application security: reconnaissance, offense, and defense. In this revised and updated second edition, he examines dozens of related topics, from the latest types of attacks and mitigations to threat modeling, the secure software development lifecycle (SSDL/SDLC), and more. Hoffman, senior staff security engineer at Ripple, also provides information regarding exploits and mitigations for several additional web application technologies such as GraphQL, cloud-based deployments, content delivery networks (CDN) and server-side rendering (SSR).

Following the curriculum from the first book, this second edition is split into three distinct pillars comprising three separate skill sets:

Pillar 1: Recon—Learn techniques for mapping and documenting web applications remotely, including procedures for working with web applications.
Pillar 2: Offense—Explore methods for attacking web applications using a number of highly effective exploits that have been proven by the best hackers in the world. These skills are valuable when used alongside the skills from Pillar 3.
Pillar 3: Defense—Build on skills acquired in the first two parts to construct effective and long-lived mitigations for each of the attacks described in Pillar 2.
Sample pages (screenshots)
Table of Contents
Preface xvii

1. The History of Software Security 1
    The Origins of Hacking 1
    The Enigma Machine, Circa 1930 2
    Automated Enigma Code Cracking, Circa 1940 5
    Telephone “Phreaking,” Circa 1950 8
    Anti-Phreaking Technology, Circa 1960 10
    The Origins of Computer Hacking, Circa 1980 11
    The Rise of the World Wide Web, Circa 2000 12
    Hackers in the Modern Era, Circa 2015+ 15
    Summary 17

Part I. Recon

2. Introduction to Web Application Reconnaissance 21
    Information Gathering 21
    Web Application Mapping 23
    Summary 25
3. The Structure of a Modern Web Application 27
    Modern Versus Legacy Web Applications 27
    REST APIs 29
    JavaScript Object Notation 32
    JavaScript 33
    Variables and Scope 34
    Functions 36
    Context 37
    Prototypal Inheritance 38
    Asynchrony 40
    Browser DOM 44
    SPA Frameworks 45
    Authentication and Authorization Systems 46
    Authentication 47
    Authorization 47
    Web Servers 48
    Server-Side Databases 49
    Client-Side Data Stores 50
    GraphQL 51
    Version Control Systems 53
    CDN/Cache 55
    Summary 56
4. Finding Subdomains 57
    Multiple Applications per Domain 57
    The Browser’s Built-In Network Analysis Tools 58
    Taking Advantage of Public Records 61
    Search Engine Caches 62
    Accidental Archives 64
    Social Snapshots 65
    Zone Transfer Attacks 69
    Brute Forcing Subdomains 71
    Dictionary Attacks 76
    Summary 78
5. API Analysis 79
    Endpoint Discovery 79
    Authentication Mechanisms 82
    Endpoint Shapes 84
    Common Shapes 84
    Application-Specific Shapes 85
    Summary 86
6. Identifying Third-Party Dependencies 87
    Detecting Client-Side Frameworks 87
    Detecting SPA Frameworks 88
    Detecting JavaScript Libraries 90
    Detecting CSS Libraries 91
    Detecting Server-Side Frameworks 92
    Header Detection 92
    Default Error Messages and 404 Pages 93
    Database Detection 95
    Summary 97
7. Identifying Weak Points in Application Architecture 99
    Secure Versus Insecure Architecture Signals 100
    Multiple Layers of Security 104
    Adoption and Reinvention 105
    Summary 107
8. Part I Summary 109

Part II. Offense

9. Introduction to Hacking Web Applications 113
    The Hacker’s Mindset 113
    Applied Recon 114
10. Cross-Site Scripting 117
    XSS Discovery and Exploitation 117
    Stored XSS 121
    Reflected XSS 122
    DOM-Based XSS 125
    Mutation-Based XSS 127
    Bypassing Filters 129
    Self-Closing HTML Tags 130
    Protocol-Relative URLs 130
    Malformed Tags 131
    Encoding Escapes 131
    Polyglot Payloads 132
    XSS Sinks and Sources 133
    Summary 134
11. Cross-Site Request Forgery 135
    Query Parameter Tampering 135
    Alternate GET Payloads 139
    CSRF Against POST Endpoints 141
    Bypassing CSRF Defenses 142
    Header Validation 143
    Token Pools 143
    Weak Tokens 143
    Content Types 144
    Regex Filter Bypasses 144
    Iframe Payloads 145
    AJAX Payloads 145
    Zero Interaction Forms 145
    Summary 146
12. XML External Entity 147
    XXE Fundamentals 147
    Direct XXE 148
    Indirect XXE 151
    Out-of-Band Data Exfiltration 153
    Account Takeover Workflow 153
    Obtaining System User Data 154
    Obtaining Password Hashes 154
    Cracking Password Hashes 155
    SSH Remote Login 156
    Summary 157
13. Injection 159
    SQL Injection 159
    Code Injection 163
    Command Injection 167
    Injection Data Exfiltration Techniques 170
    Data Exfiltration Fundamentals 170
    In-Band Data Exfiltration 170
    Out-of-Band Data Exfiltration 171
    Inferential Data Exfiltration 172
    Bypassing Common Defenses 173
    Summary 174
14. Denial of Service 175
    Regex DoS 176
    Logical DoS Vulnerabilities 178
    Distributed DoS 181
    Advanced DoS 182
    YoYo Attacks 182
    Compression Attacks 183
    Proxy-Based DoS 184
    Summary 185
15. Attacking Data and Objects 187
    Mass Assignment 187
    Insecure Direct Object Reference 189
    Serialization Attacks 190
    Web Serialization Explained 190
    Attacking Weak Serialization 191
    Summary 192
16. Client-Side Attacks 193
    Methods of Attacking a Browser Client 194
    Client-Targeted Attacks 194
    Client-Specific Attacks 194
    Advantages of Client-Side Attacks 194
    Prototype Pollution Attacks 195
    Understanding Prototype Pollution 195
    Attacking with Prototype Pollution 198
    Prototype Pollution Archetypes 199
    Clickjacking Attacks 200
    Camera and Microphone Exploit 200
    Creating Clickjacking Exploits 200
    Tabnabbing and Reverse Tabnabbing 201
    Traditional Tabnabbing 202
    Reverse Tabnabbing 203
    Summary 204
17. Exploiting Third-Party Dependencies 205
    Methods of Integration 207
    Branches and Forks 207
    Self-Hosted Application Integrations 208
    Source Code Integration 210
    Package Managers 210
    JavaScript 211
    Java 212
    Other Languages 213
    Common Vulnerabilities and Exposures Database 214
    Summary 216
18. Business Logic Vulnerabilities 217
    Custom Math Vulnerabilities 218
    Programmed Side Effects 219
    Quasi-Cash Attacks 221
    Vulnerable Standards and Conventions 223
    Exploiting Business Logic Vulnerabilities 225
    Summary 226
19. Part II Summary 227

Part III. Defense

20. Securing Modern Web Applications 231
    Defensive Software Architecture 232
    Comprehensive Code Reviews 232
    Vulnerability Discovery 233
    Vulnerability Analysis 234
    Vulnerability Management 234
    Regression Testing 235
    Mitigation Strategies 235
    Applied Recon and Offense Techniques 236
    Summary 236
21. Secure Application Architecture 237
    Analyzing Feature Requirements 237
    Authentication and Authorization 239
    Secure Sockets Layer and Transport Layer Security 239
    Secure Credentials 241
    Hashing Credentials 241
    MFA 244
    PII and Financial Data 245
    Search Engines 245
    Zero Trust Architecture 247
    The History of Zero Trust 247
    Implicit Versus Explicit Trust 247
    Authentication and Authorization 248
    Summary 249
22. Secure Application Configuration 251
    Content Security Policy 251
    Implementing CSP 252
    CSP Structure 252
    Important Directives 252
    CSP Sources and Source Lists 253
    Strict CSP 254
    Example Secure CSP Policy 255
    Cross-Origin Resource Sharing 255
    Types of CORS Requests 256
    Simple CORS Requests 256
    Preflighted CORS Requests 256
    Implementing CORS 257
    Headers 258
    Strict Transport Security 258
    Cross-Origin-Opener Policy (COOP) 258
    Cross-Origin-Resource-Policy (CORP) 259
    Headers with Security Implications 260
    Legacy Security Headers 260
    Cookies 261
    Creating and Securing Cookies 261
    Testing Cookies 262
    Framing and Sandboxing 263
    Traditional Iframe 263
    Web Workers 265
    Subresource Integrity 265
    Shadow Realms 266
    Summary 267
23. Secure User Experience 269
    Information Disclosures and Enumeration 269
    Information Disclosures 269
    Enumeration 271
    Secure User Experience Best Practices 273
    Summary 275
24. Threat Modeling Applications 277
    Designing an Effective Threat Model 277
    Threat Modeling by Example 278
    Logic Design 278
    Technical Design 279
    Threat Identification (Threat Actors) 281
    Threat Identification (Attack Vectors) 282
    Identifying Mitigations 284
    Delta Identification 285
    Summary 286
25. Reviewing Code for Security 289
    How to Start a Code Review 290
    Archetypical Vulnerabilities Versus Business Logic Vulnerabilities 291
    Where to Start a Security Review 293
    Secure-Coding Anti-Patterns 295
    Blocklists 295
    Boilerplate Code 296
    Trust-by-Default 297
    Client/Server Separation 297
    Summary 298
26. Vulnerability Discovery 299
    Security Automation 299
    Static Analysis 300
    Dynamic Analysis 301
    Vulnerability Regression Testing 302
    Responsible Disclosure Programs 305
    Bug Bounty Programs 306
    Third-Party Penetration Testing 307
    Summary 307
27. Vulnerability Management 309
    Reproducing Vulnerabilities 309
    Ranking Vulnerability Severity 310
    Common Vulnerability Scoring System 310
    CVSS: Base Scoring 312
    CVSS: Temporal Scoring 314
    CVSS: Environmental Scoring 315
    Advanced Vulnerability Scoring 316
    Beyond Triage and Scoring 316
    Summary 317
28. Defending Against XSS Attacks 319
    Anti-XSS Coding Best Practices 319
    Sanitizing User Input 321
    DOMParser Sink 322
    SVG Sink 323
    Blob Sink 323
    Sanitizing Hyperlinks 323
    HTML Entity Encoding 324
    CSS XSS 325
    Content Security Policy for XSS Prevention 326
    Script Source 326
    Unsafe Eval and Unsafe Inline 327
    Implementing a CSP 328
    Summary 329
29. Defending Against CSRF Attacks 331
    Header Verification 331
    CSRF Tokens 333
    Anti-CSRF Coding Best Practices 334
    Stateless GET Requests 334
    Application-Wide CSRF Mitigation 335
    Summary 337
30. Defending Against XXE 339
    Evaluating Other Data Formats 340
    Advanced XXE Risks 341
    Summary 341
31. Defending Against Injection 343
    Mitigating SQL Injection 343
    Detecting SQL Injection 344
    Prepared Statements 345
    Database-Specific Defenses 347
    Generic Injection Defenses 347
    Potential Injection Targets 347
    Principle of Least Authority 348
    Allowlisting Commands 349
    Summary 350
32. Defending Against DoS 353
    Protecting Against Regex DoS 354
    Protecting Against Logical DoS 354
    Protecting Against DDoS 355
    Summary 356
33. Defending Data and Objects 359
    Defending Against Mass Assignment 359
    Validation and Allowlisting 360
    Data Transfer Objects 360
    Defending Against IDOR 360
    Defending Against Serialization Attacks 361
    Summary 361
34. Defense Against Client-Side Attacks 363
    Defending Against Prototype Pollution 363
    Key Sanitization 364
    Prototype Freezing 365
    Null Prototypes 365
    Defending Against Clickjacking 366
    Frame Ancestors 366
    Framebusting 367
    Defending Against Tabnabbing 368
    Cross-Origin-Opener Policy 368
    Link Blockers 368
    Isolation Policies 369
    Summary 370
35. Securing Third-Party Dependencies 371
    Evaluating Dependency Trees 371
    Modeling a Dependency Tree 372
    Dependency Trees in the Real World 373
    Automated Evaluation 373
    Secure Integration Techniques 373
    Separation of Concerns 374
    Secure Package Management 374
    Summary 375
36. Mitigating Business Logic Vulnerabilities 377
    Architecture-Level Mitigations 377
    Statistical Modeling 379
    Modeling Inputs 379
    Modeling Actions 380
    Model Development 380
    Model Analysis 381
    Summary 382
37. Part III Summary 383

Conclusion 385
Index 395
Hoffman Andrew / Хоффман Эндрю - Web Application Security, 2nd Edition / Безопасность веб-приложений, 2-е издание [2025, PDF, RUS]