Name: Innocent Code von Sverre H. Huseby
SKU: 9780470857441
Price: 4.99 EUR
Availability: InStock

Innocent Code Zusammenfassung

Innocent Code: A Security Wake-Up Call for Web Programmers Sverre H. Huseby

* This concise and practical book shows where code vulnerabilities lie--without delving into the specifics of each system architecture, programming or scripting language, or application--and how best to fix them * Based on real--world situations taken from the authora s experiences of tracking coding mistakes at major financial institutions * Covers SQL injection attacks, cross--site scripting, data manipulation in order to bypass authorization, and other attacks that work because of missing pieces of code * Shows developers how to change their mindset from Web site construction to Web site destruction in order to find dangerous code

Innocent Code Bewertungen

!the security book that all web developers need to read!sound advice!ignore at peril! (Tech Book Report, January 2004) !achieves its aims admirably! (PC Utilities, April 2004) !should be required reading for web developers! (about.com, March 2004) !if you are a web techie you will love this book, I did! (Infosecurity Today, July 04)

Über Sverre H. Huseby

Sverre Huseby runs his own company selling courses and consultancy services in Web application security. Hea s an active participant on webappsec mail forum.

Inhaltsverzeichnis

Foreword. Acknowledgments. Introduction. I.1 The Rules. I.2 The Examples. I.3 The Chapters. I.4 What is Not in this Book? I.5 A Note From the Author. I.6 Feedback. 1. The Basics. 1.1 HTTP. 1.2 Sessions. 1.3 HTTPS. 1.4 Summary. 1.5 Do You Want to Know More? 2. Passing Data to Subsystems. 2.1 SQL Injection. 2.2 Shell Command Injection. 2.3 Talking to Programs Written in C/C++. 2.4 The Evil Eval. 2.5 Solving Metacharacter Problems. 2.6 Summary. 3. User Input. 3.1 What is Input Anyway? 3.2 Validating Input. 3.3 Handling Invalid Input. 3.4 The Dangers of Client--side Validation. 3.5 Authorization Problems. 3.6 Protecting Server--generated Input. 3.7 Summary. 4. Output Handling: The Cross--site Scripting Problem. 4.1 Examples. 4.2 The Problem. 4.3 The Solution. 4.4 Browser Character Sets. 4.5 Summary.; 4.6 Do You Want to Know More? 5. Web Trojans. 5.1 Examples. 5.2 The Problem. 5.3 A Solution. 5.4 Summary. 6. Passwords and Other Secrets. 6.1 Crypto--stuff. 6.2 Password--based Authentication. 6.3 Secret Identifiers. 6.4 Secret Leakage. 6.5 Availability of Server--side Code. 6.6 Summary. 6.7 Do You Want to Know More? 7. Enemies of Secure Code. 7.1 Ignorance. 7.2 Mess. 7.3 Deadlines. 7.4 Salesmen. 7.5 Closing Remarks. 7.6 Do You Want to Know More? 8. Summary of Rules for Secure Coding. Appendix A: Bugs in the Web Server. Appendix B: Packet Sniffing. Appendix C: Sending HTML Formatted E--mails with Forged Sender Address. Appendix D: More Information. Acronyms. References. Index.

Zusätzliche Informationen

Sku

GOR003693796

ISBN 13

9780470857441

ISBN 10

0470857447

Titel

Innocent Code: A Security Wake-Up Call for Web Programmers Sverre H. Huseby

Autor

Sverre H. Huseby

Zustand

Gebraucht - Sehr Gut

Bindung

Broschiert

Verlag

John Wiley and Sons Ltd

Datum

20031209

Anzahl der Seiten

248

Preise

N/A

Begleitschreiben

Die Abbildung des Buches dient nur Illustrationszwecken, die tatsächliche Bindung, das Cover und die Auflage können sich davon unterscheiden.

Hinweis

Dies ist ein gebrauchtes Buch. Es wurde schon einmal gelesen und weist von der früheren Nutzung Gebrauchsspuren auf. Wir gehen davon aus, dass es im Großen und Ganzen in einem sehr guten Zustand ist. Sollten Sie jedoch nicht vollständig zufrieden sein, setzen Sie sich bitte mit uns in Verbindung.

Innocent Code Sverre H. Huseby

Innocent Code Sverre H. Huseby

Zusammenfassung

Innocent Code Zusammenfassung

Innocent Code: A Security Wake-Up Call for Web Programmers Sverre H. Huseby

Innocent Code Bewertungen

Über Sverre H. Huseby

Inhaltsverzeichnis

Zusätzliche Informationen