Overview

Hacker Code will have over 400 pages of dedicated exploit, vulnerability, and tool code with corresponding instruction. Unlike other security and programming books that dedicate hundreds of pages to architecture and theory based flaws and exploits, HC1 will dive right into deep code analysis. Previously undisclosed security research in combination with superior programming techniques from Foundstone and other respected organizations will be included in both the Local and Remote Code sections of the book. The book will be accompanied with a FREE COMPANION CD containing both commented and uncommented versions of the source code examples presented throughout the book. In addition to the book source code, the CD will also contain a copy of the author-developed Hacker Code Library v1.0. The Hacker Code Library will include multiple attack classes and functions that can be utilized to quickly create security programs and scripts. These classes and functions will simplify exploit and vulnerability tool development to an extent never before possible with publicly available software.

Full Product Details

Author:   Mark Burnett (Independent researcher, consultant, and writer specializing in Windows security)
Publisher:   Syngress Media,U.S.
Imprint:   Syngress Media,U.S.
Dimensions:   Width: 17.80cm , Height: 2.60cm , Length: 22.90cm
Weight:   0.750kg
ISBN:  

9781932266658

ISBN 10:   1932266658
Pages:   550
Publication Date:   10 May 2004
Audience:   Professional and scholarly ,  Professional & Vocational
Format:   Hardback
Publisher's Status:   Out of Print
Availability:   Out of print, replaced by POD  
We will order this item for you from a manufatured on demand supplier.

Table of Contents

Chapter 1 Managing Users Introduction Understanding the Threats Establishing User Credentials Enforcing Strong Passwords Avoiding Easily Guessed Credentials Preventing Credential Harvesting Limiting Idle Accounts Managing Passwords Storing Passwords Password Aging and Histories Changing Passwords Resetting Lost or Forgotten Passwords Resetting Passwords Sending Information Via E-Mail Assigning Temporary Passwords Using Secret Questions Empowering Users Educating Users Involving Users Coding Standards Fast Track Establishing User Credentials Managing Passwords Resetting Lost or Forgotten Passwords Empowering Users Code Audit Fast Track Establishing User Credentials Managing Passwords Resetting Lost or Forgotten Passwords Empowering Users Frequently Asked Questions Chapter 2 Authenticating and Authorizing Users Introduction Understanding the Threats Authenticating Users Building Login Forms Using Forms Authentication Using Windows Authentication Using Passport Authentication Blocking Brute-Force Attacks Authorizing Users Deciding How to Authorize Employing File Authorization Applying URL Authorization Authorizing Users Through Code Coding Standards Fast Track Authenticating Users Authorizing Users Code Audit Fast Track Authenticating Users Authorizing Users Frequently Asked Questions Chapter 3 Managing Sessions Introduction Session Tokens Authentication Tokens Understanding the Threats Maintaining State Designing a Secure Token Selecting a Token Mechanism Using State Providers Using ASP.NET Tokens Using Cookies Working with View State Enhancing ASP.NET State Management Creating Tokens Terminating Sessions Coding Standards Fast Track Maintaining State Using ASP.NET Tokens Enhancing ASP.NET State Management Code Audit Fast Track Maintaining State Using ASP.NET Tokens Enhancing ASP.NET State Management Frequently Asked Questions Chapter 4 Encrypting Private Data Introduction Using Cryptography in ASP.NET Employing Symmetric Cryptography Using Asymmetric Cryptography Working with Hashing Algorithms Working with .NET Encryption Features Creating Random Numbers Keeping Memory Clean Protecting Secrets Protecting Communications with SSL Coding Standards Fast Track Using Cryptography in ASP.NET Working with .NET Encryption Features Code Audit Fast Track Using Cryptography in ASP.NET Working with .NET Encryption Features Frequently Asked Questions Chapter 5 Filtering User Input Introduction Handling Malicious Input Identifying Input Sources Programming Defensively Constraining Input Bounds Checking Pattern Matching Data Reflecting Encoding Data Encapsulating Parameterizing Double Decoding Syntax Checking Exception Handling Honey Drops Limiting Exposure to Malicious Input Reducing the Attack Surface Limiting Attack Scope Hardening Server Applications Coding Standards Fast Track Handling Malicious Input Constraining Input Limiting Exposure to Malicious Input Code Audit Fast Track Handling Malicious Input Limiting Exposure to Malicious Input Frequently Asked Questions Chapter 6 Accessing Data Introduction Securing Databases Securing the Database Location Limiting the Attack Surface Ensuring Least Privilege Securing the Database Writing Secure Data Access Code Connecting to the Data Source Preventing SQL Injection Writing Secure SQL Code Reading and Writing to Data Files Coding Standards Fast Track Securing Database Drivers Securing Databases Writing Secure Data Access Code Code Audit Fast Track Securing Database Drivers Securing the Database Writing Secure Data Access Code Frequently Asked Questions Chapter 7 Developing Secure ASP.NET Applications Introduction Understanding the Threats Writing Secure HTML Constructing Safe HTML Preventing Information Leaks Handling Exceptions Using Structured Error Handling Reporting and Logging Errors Coding Standards Fast Track Writing Secure HTML Handling Exceptions Code Audit Fast Track Writing Secure HTML Handling Exceptions Frequently Asked Questions Chapter 8 Securing XML Introduction Applying XML Encryption Encrypting XML Data Applying XML Digital Signatures Signing XML Data Coding Standards Fast Track Applying XML Encryption Applying XML Digital Signatures Coding Audit Fast Track Applying XML Encryption Applying XML Digital Signatures Frequently Asked Questions Appendix A Understanding .NET Security Introduction Permissions Principal Authentication Authorization Security Policy Type Safety Code Access Security .NET Code Access Security Model Role-Based Security Principals Role-Based Security Checks Security Policies Creating a New Permission Set Modifying the Code Group Structure Remoting Security Cryptography Security Tools Summary Security Fast Track Frequently Asked Questions Appendix B Glossary of Web Application Security Threats Index

Reviews

Author Information

Tab Content 6

Author Website:  

Customer Reviews

Recent Reviews

No review item found!

Add your own review!

Countries Available

All regions