
Ethical Hacking and Countermeasures: Web Applications and Data Servers, 2nd Edition 2nd ed. [Paperback]

  • Format: Paperback / softback, height x width x thickness: 229x180x13 mm, weight: 363 g, Illustrations, unspecified
  • Publication date: 24-Feb-2016
  • Publisher: Cengage Learning
  • ISBN-10: 1305883454
  • ISBN-13: 9781305883451
The EC-Council|Press Ethical Hacking and Countermeasures series is comprised of four books covering a broad base of topics in offensive network security, ethical hacking, and network defense and countermeasures. The content of this series is designed to immerse the reader into an interactive environment where they will be shown how to scan, test, hack, and secure information systems. A wide variety of tools, viruses, and malware is presented in these books, providing a complete understanding of the tactics and tools used by hackers. The full series of books helps prepare readers to take and succeed on the C|EH certification exam from EC-Council.
Preface
Chapter 1 Session Hijacking
  • What If?
  • Introduction to Session Hijacking
  • Session Hijacking
  • Understanding Session Hijacking
  • Spoofing Versus Hijacking
  • Steps in Session Hijacking
  • Types of Session Hijacking
  • Sequence Number Prediction
  • TCP/IP Hijacking
  • Session Hijacking Tools
  • Dangers Posed by Hijacking
  • Countermeasures
  • Chapter Summary
  • Key Terms
  • Review Questions
  • Hands-On Projects
Chapter 2 Hacking Web Servers
  • What If?
  • Food for Thought
  • Introduction to Hacking Web Servers
  • Sources of Security Vulnerabilities in Web Servers
  • Webmaster's Concern
  • Network Administrator's Concern
  • End User's Concern
  • Risks
  • Web Site Defacement
  • How Web Sites Are Defaced
  • Attacks Against Internet Information Services
  • $DATA IIS Vulnerability
  • Showcode.asp
  • Piggybacking Privileged Command Execution on Back-end Database Queries (MDAC/RDS)
  • Buffer Overflow Vulnerabilities
  • Privileged Command Execution Vulnerability
  • WebDAV/RPC Exploits
  • IIS 7 Components
  • Unicode Directory Traversal Vulnerability
  • Netcat
  • Tool: IIS Xploit
  • Msw3prt IPP Vulnerability
  • RPC DCOM Vulnerability
  • ASP Trojan
  • IIS Logs
  • Patch Management
  • Patches and Hotfixes
  • Vulnerability Scanners
  • Online Vulnerability Search Engine
  • Countermeasures
  • File System Traversal Countermeasures
  • Increasing Web Server Security
  • Chapter Summary
  • Key Terms
  • Review Questions
  • Hands-On Projects
Chapter 3 Web Application Vulnerabilities
  • What If?
  • Introduction to Web Application Vulnerabilities
  • Web Applications
  • Web Application Hacking
  • Anatomy of an Attack
  • Web Application Threats
  • Cross-Site Scripting/XSS Flaws
  • SQL Injection
  • Command Injection Flaws
  • Cookie/Session Poisoning
  • Parameter/Form Tampering
  • Buffer Overflow
  • Directory Traversal/Forceful Browsing
  • Cryptographic Interception
  • Authentication Hijacking
  • Log Tampering
  • Error Message Interception
  • Attack Obfuscation
  • Platform Exploits
  • DMZ Protocol Attacks
  • Security Management Exploits
  • Web Services Attacks
  • Zero-Day Attacks
  • Network Access Attacks
  • TCP Fragmentation
  • Web Application Hacking Tools
  • Tool: Instant Source
  • Tool: Wget
  • Tool: WebSleuth
  • Tool: Black Widow
  • Tool: SiteScope
  • Tool: WSDigger
  • Tool: CookieDigger
  • Tool: SSLDigger
  • Tool: WindowBomb
  • Tool: Burp Intruder
  • Tool: Burp Proxy
  • Tool: Burp Suite
  • Tool: cURL
  • Tool: dotDefender
  • Tool: Acunetix Web Vulnerability Scanner
  • Tool: AppScan
  • Tool: AccessDiver
  • Tool: NetBrute Scanner Suite
  • Tool: Emsa Web Monitor
  • Tool: KeepNI
  • Tool: Paros Proxy
  • Tool: WebScarab
  • Tool: IBM Rational AppScan
  • Tool: Web WatchBot
  • Tool: Ratproxy
  • Chapter Summary
  • Key Term
  • Review Questions
  • Hands-On Projects
Chapter 4 Web-Based Password Cracking Techniques
  • What If?
  • Introduction to Web-Based Password Cracking Techniques
  • Authentication
  • Authentication Techniques
  • HTTP Authentication
  • Integrated Windows (NTLM) Authentication
  • Negotiate Authentication
  • Certificate-Based Authentication
  • Forms-Based Authentication
  • RSA SecurID Token
  • Biometric Authentication
  • Password Cracking
  • Password Cracking Techniques
  • Password Cracker Programs
  • Password Cracker Countermeasures
  • Windows 7
  • Windows 8
  • Tools
  • Password-Generating Tools
  • Password Recovery Tools
  • Password Revealing Tools
  • Password Security Tools
  • Chapter Summary
  • Key Terms
  • Review Questions
  • Hands-On Projects
Chapter 5 Hacking Web Browsers
  • What If?
  • Introduction to Hacking Web Browsers
  • How Web Browsers Work
  • Hacking Firefox
  • Firefox Information Leak Vulnerability
  • Firefox Spoofing Vulnerability
  • Firefox Password Vulnerability
  • Concerns with Saving Forms or Login Data
  • Cleaning Up Browsing History
  • Cookies
  • Cookie Viewer
  • Cookie Blocking Options
  • Tools for Cleaning Unwanted Cookies
  • Firefox Security
  • Getting Started
  • Privacy Settings
  • Security Settings
  • Content Settings
  • Clear Private Data
  • Firefox Security Features
  • Hacking Internet Explorer
  • Redirection Information Disclosure Vulnerability
  • Window Injection Vulnerability
  • Internet Explorer Security
  • Security Zones
  • Privacy
  • Specify Default Applications
  • Internet Explorer Security Features
  • Hacking Opera
  • JavaScript Invalid Pointer Vulnerability
  • BitTorrent Header Parsing Vulnerability
  • BitTorrent File-Handling Buffer Overflow Vulnerability
  • Opera Security and Privacy Features
  • Hacking Safari
  • Safari Browser Vulnerability
  • iPhone Safari Browser Memory Exhaustion Remote DoS Vulnerability
  • Securing Safari
  • AutoFill
  • Security Features
  • Chapter Summary
  • Key Terms
  • Review Questions
  • Hands-On Projects
Chapter 6 Hacking Database Servers-SQL Injection
  • What If?
  • Introduction to Hacking Database Servers
  • Introduction to SQL Injection
  • Attacking Oracle
  • Security Issues in Oracle
  • Types of Database Attacks
  • Breaking into an Oracle Database
  • The Default Privilege Given to the OUTLN User Is EXECUTE ANY PROCEDURE
  • Exploiting Web Applications
  • What Attackers Look For
  • OLE DB Errors
  • Database Footprinting
  • Getting Data from the Database Using OLE DB Errors
  • How to Mine All Column Names of a Table
  • How to Retrieve Any Data
  • How to Update/Insert Data into a Database
  • Input Validation Attack
  • SQL Injection Techniques
  • Authorization Bypass
  • Using the SELECT Command
  • Using the INSERT Command
  • Using SQL Server Stored Procedures
  • Oracle Worm: Voyager Beta
  • How to Test for an SQL Injection Vulnerability
  • How It Works
  • Example: BadLogin.aspx.cs
  • Example: BadProductList.aspx.cs
  • SQL Injection in Oracle
  • SQL Injection in MySQL
  • Hacking an SQL Server
  • How an SQL Server Is Hacked
  • Attacks Against Microsoft SQL Server
  • SQL Server Resolution Service (SSRS)
  • OSQL -L Probing
  • SC Sweeping of Services
  • Tools for Automated SQL Injection
  • Tool: SQLDict
  • Tool: SQLExec
  • Tool: SQLbf
  • Tool: SQLSmack
  • Tool: SQL2
  • Tool: AppDetective
  • Tool: Database Scanner
  • Tool: SQLPoke
  • Tool: NGSSQLCrack
  • Tool: SQLPing
  • Tool: Sqlmap
  • Tool: Sqlninja
  • Tool: SQLier
  • Tool: Automagic SQL Injector
  • Tool: Absinthe
  • Blind SQL Injection
  • Blind SQL Injection Countermeasures
  • SQL Injection Countermeasures
  • Preventing SQL Injection Attacks
  • Removing Culprit Characters/Character Sequences
  • Minimizing Privileges
  • Implementing Consistent Coding Standards
  • Firewalling the SQL Server
  • Security Tools
  • AppRadar
  • DbEncrypt
  • AppDetective
  • Oracle Selective Audit
  • Security Checklists
  • Administrator Checklist
  • Developer Checklist
  • Other Measures
  • Tool: SQL Block
  • Tool: Acunetix Web Vulnerability Scanner
  • Chapter Summary
  • Key Terms
  • Review Questions
  • Hands-On Projects
Glossary
Index