Defending your web applications against hackers and attackers

The top-selling book Web Application Hacker's Handbook showed how attackers and hackers identify and attack vulnerable live web applications. This new Web Application Defender's Cookbook is the perfect counterpoint to that book: it shows you how to defend. Authored by a highly credentialed defensive security expert, this new book details defensive security methods and can be used as courseware for training network security personnel, web server administrators, and security consultants.

Each "recipe" shows you a way to detect and defend against malicious behavior and provides working code examples for the ModSecurity web application firewall module. Topics include identifying vulnerabilities, setting hacker traps, defending different access points, enforcing application flows, and much more.

Provides practical tactics for detecting web attacks and malicious behavior and defending against them
Written by a preeminent authority on web application firewall technology and web application defense tactics
Offers a series of "recipes" that include working code examples for the open-source ModSecurity web application firewall module

Find the tools, techniques, and expert information you need to detect and respond to web application attacks with Web Application Defender's Cookbook: Battling Hackers and Protecting Users.
About the author

RYAN BARNETT is a Lead Security Researcher in Trustwave's SpiderLabs Team, an advanced security team focused on penetration testing, incident response, and application security. He is the ModSecurity web application firewall project lead, a SANS Institute certified instructor, and a frequent speaker at industry conferences.
Contents
Foreword xix
Introduction xxiii
I Preparing the Battle Space 1
1 Application Fortification 7
Recipe 1-1: Real-time Application Profiling 7
Recipe 1-2: Preventing Data Manipulation with Cryptographic Hash Tokens 15
Recipe 1-3: Installing the OWASP ModSecurity Core Rule Set (CRS) 19
Recipe 1-4: Integrating Intrusion Detection System Signatures 33
Recipe 1-5: Using Bayesian Attack Payload Detection 38
Recipe 1-6: Enable Full HTTP Audit Logging 48
Recipe 1-7: Logging Only Relevant Transactions 52
Recipe 1-8: Ignoring Requests for Static Content 53
Recipe 1-9: Obscuring Sensitive Data in Logs 54
Recipe 1-10: Sending Alerts to a Central Log Host Using Syslog 58
Recipe 1-11: Using the ModSecurity AuditConsole 60
2 Vulnerability Identification and Remediation 67
Recipe 2-1: Passive Vulnerability Identification 70
Recipe 2-2: Active Vulnerability Identification 79
Recipe 2-3: Manual Scan Result Conversion 88
Recipe 2-4: Automated Scan Result Conversion 92
Recipe 2-5: Real-time Resource Assessments and Virtual Patching 99
3 Poisoned Pawns (Hacker Traps) 115
Recipe 3-1: Adding Honeypot Ports 116
Recipe 3-2: Adding Fake robots.txt Disallow Entries 118
Recipe 3-3: Adding Fake HTML Comments 123
Recipe 3-4: Adding Fake Hidden Form Fields 128
Recipe 3-5: Adding Fake Cookies 131
II Asymmetric Warfare 137
4 Reputation and Third-Party Correlation 139
Recipe 4-1: Analyzing the Client's Geographic Location Data 141
Recipe 4-2: Identifying Suspicious Open Proxy Usage 147
Recipe 4-3: Utilizing Real-time Blacklist Lookups (RBL) 150
Recipe 4-4: Running Your Own RBL 157
Recipe 4-5: Detecting Malicious Links 160
5 Request Data Analysis 171
Recipe 5-1: Request Body Access 172
Recipe 5-2: Identifying Malformed Request Bodies 178
Recipe 5-3: Normalizing Unicode 182
Recipe 5-4: Identifying Use of Multiple Encodings 186
Recipe 5-5: Identifying Encoding Anomalies 189
Recipe 5-6: Detecting Request Method Anomalies 193
Recipe 5-7: Detecting Invalid URI Data 197
Recipe 5-8: Detecting Request Header Anomalies 200
Recipe 5-9: Detecting Additional Parameters 209
Recipe 5-10: Detecting Missing Parameters 212
Recipe 5-11: Detecting Duplicate Parameter Names 214
Recipe 5-12: Detecting Parameter Payload Size Anomalies 216
Recipe 5-13: Detecting Parameter Character Class Anomalies 219
6 Response Data Analysis 223
Recipe 6-1: Detecting Response Header Anomalies 224
Recipe 6-2: Detecting Response Header Information Leakages 234
Recipe 6-3: Response Body Access 238
Recipe 6-4: Detecting Page Title Changes 240
Recipe 6-5: Detecting Page Size Deviations 243
Recipe 6-6: Detecting Dynamic Content Changes 246
Recipe 6-7: Detecting Source Code Leakages 249
Recipe 6-8: Detecting Technical Data Leakages 253
Recipe 6-9: Detecting Abnormal Response Time Intervals 256
Recipe 6-10: Detecting Sensitive User Data Leakages 259
Recipe 6-11: Detecting Trojan, Backdoor, and Webshell Access Attempts 262
7 Defending Authentication 265
Recipe 7-1: Detecting the Submission of Common/Default Usernames 266
Recipe 7-2: Detecting the Submission of Multiple Usernames 269
Recipe 7-3: Detecting Failed Authentication Attempts 272
Recipe 7-4: Detecting a High Rate of Authentication Attempts 274
Recipe 7-5: Normalizing Authentication Failure Details 280
Recipe 7-6: Enforcing Password Complexity 283
Recipe 7-7: Correlating Usernames with SessionIDs 286
8 Defending Session State 291
Recipe 8-1: Detecting Invalid Cookies 291
Recipe 8-2: Detecting Cookie Tampering 297