- Paperback: 296 pages
- Publisher: Syngress (10 December 2010)
- Language: English
- ISBN-10: 1597496049
- ISBN-13: 978-1597496049
Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-' (English) Paperback – 10 Dec 2010
Product description
"As the data stored in Web application systems becomes critical to business, the attacks against them are becoming increasingly complex. If you want to move your understanding beyond 'or 1=1--' this book provides the knowledge needed to bypass both filters and detection, crucial for both attack and defence." -- Andrew Waite, Security Researcher, InfoSanity Research
"This is a very frightening book and I would advise any security architect to purchase a copy. It’s aimed at the bleeding edge of the technical security market, however, it really does hammer home how difficult security can become when faced with complex applications and protocols. The techniques used in the book are not trivial, but they do show us that the age of the firewall and the IDS may well be over, and the age of security by design has only just begun."--InfoSecReviews.com
"This is a deep technical read and anyone buying it should have a solid understanding of web technologies and some experience of web programming. I would say it is targeted at penetration testers and security architects, but to the security generalist it also opens up new frontiers when it comes to designing for security."--Best Hacking and Pen Testing Books in InfoSecReviews Book Awards
Publisher's review
Web applications are used every day by millions of users, which is why they are one of the most popular vectors for attackers. Obfuscation of code has allowed hackers to take one attack and create hundreds, if not millions, of variants that can evade your security measures. Web Application Obfuscation takes a look at common Web infrastructure and security controls from an attacker's perspective, allowing the reader to understand the shortcomings of their security systems. Find out how an attacker would bypass different types of security controls, how these very security controls introduce new types of vulnerabilities, and how to avoid common pitfalls in order to strengthen your defenses.
- Named a 2011 Best Hacking and Pen Testing Book by InfoSec Reviews
- Looks at security tools like IDS/IPS that are often the only defense in protecting sensitive data and assets
- Evaluates Web application vulnerabilities from the attacker's perspective and explains how these very systems introduce new types of vulnerabilities
- Teaches how to secure your data, including info on browser quirks, new attacks and syntax tricks to add to your defenses against XSS, SQL injection, and more
Most helpful customer reviews on Amazon.com
Very good and informative book, like no other!
Thanks to the authors!
I liked many other aspects of WAO. The book was very thorough. For one example, check the table on p 27. For another, see the regex explanation with examples in ch 1. The book has many such sections where the authors offer great detail on the subject at hand. I also enjoyed the many references to outside work. Authors of all technical books should follow WAO's lead, because 1) it gives credit where due and 2) it shows the authors are aware of outside influences and up-to-date.
WAO also does a nice job explaining how we arrived at the current state of broken Web technologies. Their history lesson of the browser wars in ch 2 set the stage for the chaos that follows. I'll finish my praises by mentioning the Web site the authors created as a companion to the book, complete with errata and code listings; it's a nice addition to the book.
If you're wondering why I rated WAO four instead of five stars, the reason involves the audience. I think too often the authors advance pretty far beyond the uninitiated reader. You have to admit that if obfuscation is your world, you're probably not going to read this book. However, if you're a newbie like me, you need the authors to spend more time explaining what they're doing and more importantly, WHY. Just what is the purpose of this technique or that attack? I think if the authors recruited some outside help to walk through the book, slow them down, and answer some basic questions, a second edition would be an easy five star work.
On the production side, a new edition should redraw figures 5.2 - 5.14. They look like they came straight from a PowerPoint pitch.
Overall, WAO is a great book to shatter any assumptions you may have about how Web clients and servers render content. Maybe the authors would care to describe how best one can operate in such a dangerous environment, i.e., is there an OpenBSD for Web technologies? All of the engines seem bad -- what's a user to do?
I found myself on the verge of giving this book 4 stars thinking that for the primary intended audiences, they'd really love it. However, I decided to rate it based on the perspective of me being new to the subject. Some improvement is needed in that area as well as perhaps the flow of the book. I'd like to see more defense solutions actually integrated with each technical chapter instead of the defense all presented at the end of the book.