Testing and securing web applications
Contributors: | Das, Ravindra; Johnson, Greg |
---|---|
Format: | Book |
Language: | English |
Published: | Boca Raton, FL: CRC Press, 2020 |
Subject headings: | Programmierung (Programming); Softwaretest (Software testing) |
Links: | http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=032324076&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |
Extent: | 208 pages, illustrations |
ISBN: | 9780367333751 |
MARC record
LEADER | 00000nam a22000001c 4500 | ||
---|---|---|---|
001 | BV046914722 | ||
003 | DE-604 | ||
005 | 20210928 | ||
007 | t| | ||
008 | 200928s2020 xx a||| |||| 00||| eng d | ||
020 | |a 9780367333751 |9 978-0-367-33375-1 | ||
035 | |a (OCoLC)1220884289 | ||
035 | |a (DE-599)BVBBV046914722 | ||
040 | |a DE-604 |b ger |e rda | ||
041 | 0 | |a eng | |
049 | |a DE-83 |a DE-739 | ||
084 | |a ST 233 |0 (DE-625)143620: |2 rvk | ||
100 | 1 | |a Das, Ravindra |0 (DE-588)1100570306 |4 aut | |
245 | 1 | 0 | |a Testing and securing web applications |c Ravi Das and Greg Johnson |
264 | 1 | |a Boca Raton, FL |b CRC Press |c 2020 | |
300 | |a 208 Seiten |b Illustrationen | ||
336 | |b txt |2 rdacontent | ||
337 | |b n |2 rdamedia | ||
338 | |b nc |2 rdacarrier | ||
650 | 0 | 7 | |a Programmierung |0 (DE-588)4076370-5 |2 gnd |9 rswk-swf |
650 | 0 | 7 | |a Softwaretest |0 (DE-588)4132652-0 |2 gnd |9 rswk-swf |
689 | 0 | 0 | |a Softwaretest |0 (DE-588)4132652-0 |D s |
689 | 0 | 1 | |a Programmierung |0 (DE-588)4076370-5 |D s |
689 | 0 | |5 DE-604 | |
700 | 1 | |a Johnson, Greg |0 (DE-588)1242061223 |4 aut | |
856 | 4 | 2 | |m Digitalisierung UB Passau - ADAM Catalogue Enrichment |q application/pdf |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=032324076&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |3 Inhaltsverzeichnis |
943 | 1 | |a oai:aleph.bib-bvb.de:BVB01-032324076 |
Record in the search index
_version_ | 1819345684669661184 |
---|---|
adam_text | Table of contents (reformatted from the digitized contents pages; listed below) |

- Acknowledgments
- About the Authors
- 1 Network Security
  - Introduction
  - A Chronological History of the Internet
  - The Evolution of Web Applications
  - The Fundamentals of Network Security - The OSI Model
    - The OSI Model
    - What Is the Significance of the OSI Model to Network Security?
    - The Classification of Threats to the OSI Model
    - The Most Probable Attacks
  - Assessing a Threat to a Web Application
  - Network Security Terminology
  - The Types of Network Security Topologies Best Suited for Web Applications
  - The Types of Attack That Can Take Place against Web Applications
  - How to Protect Web Applications from DDoS Attacks
    - Defending against Buffer Overflow Attacks
    - Defending against IP Spoofing Attacks
    - Defending against Session Hijacking
    - Defending Virus and Trojan Horse Attacks
      - Viruses
      - How a Virus Spreads Itself
      - The Different Types of Viruses
  - Defending Web Applications at a Deeper Level
    - The Firewall
    - Types of Firewalls
    - Blacklisting and Whitelisting
    - How to Properly Implement a Firewall to Safeguard the Web Application
  - The Use of Intrusion Detection Systems
    - Understanding What a Network Intrusion Detection System Is
    - Preemptive Blocking
    - Anomaly Detection
    - Important NIDS Processes and Subcomponents
  - The Use of VPNs to Protect a Web Application Server
    - The Basics of VPN Technology
    - The Virtual Private Network Protocols that are Used to Secure a Web Application Server
    - How PPTP Sessions are Authenticated
    - How Layer 2 Tunneling Protocol (L2TP) Sessions are Authenticated
    - How Password Authentication Protocol (PAP) Sessions are Authenticated
    - How Shiva Password Authentication Protocol (SPAP) Sessions are Authenticated
    - How Kerberos Protocol Sessions are Authenticated
    - How IPSec Protocol Sessions are Authenticated
    - How SSL Protocol Sessions are Authenticated
  - How to Assess the Current State of Security of a Web Application Server
    - Important Risk Assessment Methodologies and How They Relate to Web Application Security
      - Single Loss Expectancy (SLE)
      - The Annualized Loss Expectancy (ALE)
      - The Residual Risk
    - How to Evaluate the Security Risk that is Posed to the Web Application and its Server
    - How to Conduct the Initial Security Assessment on the Web Application
  - Techniques Used by Cyberattackers against the Web Application and Web Application Server
    - The Techniques Used by the Cyberhacker
    - Techniques Used by the Cyberattacker
  - Network Security and Its Relevance for Web Apps
    - Data Confidentiality
    - Common Technical Layouts for Modern Web App Infrastructure
    - Encrypting Data in Flight
      - TLS
      - Certificate
      - Setting Up the Session
      - Finishing the Handshake
      - Site Validity
        - Proving Your Web App Is What It Says It Is
        - Testing Your Web App's Confidentiality and Trust
        - What Kind of Trust?
        - Spoofing and Related Concerns
    - Conclusion
  - Resources
  - References
- 2 Cryptography
  - An Introduction to Cryptography
  - Message Scrambling and Descrambling
  - Encryption and Decryption
  - Ciphertexts
  - Symmetric Key Systems and Asymmetric Key Systems
  - The Caesar Methodology
  - Types of Cryptographic Attacks
  - Polyalphabetic Encryption
  - Block Ciphers
  - Initialization Vectors
  - Cipher Block Chaining
  - Disadvantages of Symmetric Key Cryptography
  - The Key Distribution Center
  - Mathematical Algorithms with Symmetric Cryptography
  - The Hashing Function
  - Asymmetric Key Cryptography
  - Public Keys and Public Private Keys
  - The Differences Between Asymmetric and Symmetric Cryptography
  - The Disadvantages of Asymmetric Cryptography
  - The Mathematical Algorithms of Asymmetric Cryptography
  - The Public Key Infrastructure
  - The Digital Certificates
  - How the Public Key Infrastructure Works
  - Public Key Infrastructure Policies and Rules
  - The LDAP Protocol
  - The Public Cryptography Standards
  - Parameters of Public Keys and Private Keys
  - How Many Servers?
  - Security Policies
  - Securing the Public Keys and the Private Keys
  - Message Digests and Hashes
  - Security Vulnerabilities of Hashes
  - A Technical Review of Cryptography
    - The Digital Encryption Standard
    - The Internal Structure of the DES
      - The Initial and Final Permutations
      - The f-Function
      - The Key Schedule
    - The Decryption Process of the DES Algorithm
      - The Reversed Key Schedule
      - The Decryption in the Feistel Network
  - The Security of the DES
    - The Advanced Encryption Standard
      - The Mathematics behind the DES Algorithm
      - The Internal Structure of the AES Algorithm
      - Decryption of the AES Algorithm
  - Asymmetric and Public Key Cryptography
    - The Mathematics behind Asymmetric Cryptography
  - The RSA Algorithm
    - The Use of Fast Exponentiation in the RSA Algorithm
    - The Use of Fast Encryption with Shorter Public Key Exponentiation
    - The Chinese Remainder Theorem (CRT)
  - How to Find Large Prime Integers for the RSA Algorithm
  - The Use of Padding in the RSA Algorithm
  - Specific Cyberattacks on the RSA Algorithm
  - The Digital Signature Algorithm
    - Digital Signature Computation and Verification Process for the DSA
    - The Prime Number Generation Process in the DSA
    - Security Issues with the DSA
  - The Elliptic Curve Digital Signature Algorithm
    - The Generation of the Public Key and the Private Key Using the ECDSA Algorithm
    - The Signature and the Verification Process of the ECDSA Algorithm
  - The Use of Hash Functions
  - The Security Requirements of Hash Functions
  - A Technical Overview of Hash Function Algorithms
    - Block Cipher-Based Hash Functions
  - Technical Details of the Secure Hash Algorithm SHA-1
  - Key Distribution Centers
  - The Public Key Infrastructure and Certificate Authority
  - Resources
- 3 Penetration Testing
  - Introduction
  - Peeling the Onion
  - True Stories
    - External Testing: Auxiliary System Vulnerabilities
    - Internal Testing
      - Report Narrative
      - Report Narrative
    - Web Application Testing
    - SSID Testing
  - Types of Penetration Tests
  - Definitions of Low, Medium, High, and Critical Findings in Penetration Testing
  - Compliances and Frameworks: Pen Testing Required
  - OWASP and OWASP Top Ten
    - OWASP Top Ten with Commentary
  - Tools of the Trade
  - Pen Test Methodology
  - Penetration Test Checklist for External IPs and Web Applications
  - Chapter Takeaways
  - Resources
- 4 Threat Hunting
  - Not-So-Tall Tales
  - Nation-State Bad Actors: China and Iran
  - Threat Hunting Methods
    - MITRE ATT&CK
  - Technology Tools
    - The SIEM
    - EDR
    - EDR + SIEM
    - IDS
  - When 1 + 1 + 1 = 1: The Visibility Window
  - Threat Hunting Process or Model
  - On Becoming a Threat Hunter
  - Threat Hunting Conclusions
  - Resources
- 5 Conclusions
- Index
any_adam_object | 1 |
author | Das, Ravindra Johnson, Greg |
author_GND | (DE-588)1100570306 (DE-588)1242061223 |
author_facet | Das, Ravindra Johnson, Greg |
author_role | aut aut |
author_sort | Das, Ravindra |
author_variant | r d rd g j gj |
building | Verbundindex |
bvnumber | BV046914722 |
classification_rvk | ST 233 |
ctrlnum | (OCoLC)1220884289 (DE-599)BVBBV046914722 |
discipline | Informatik |
format | Book |
fullrecord | <?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01377nam a22003491c 4500</leader><controlfield tag="001">BV046914722</controlfield><controlfield tag="003">DE-604</controlfield><controlfield tag="005">20210928 </controlfield><controlfield tag="007">t|</controlfield><controlfield tag="008">200928s2020 xx a||| |||| 00||| eng d</controlfield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9780367333751</subfield><subfield code="9">978-0-367-33375-1</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)1220884289</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)BVBBV046914722</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-604</subfield><subfield code="b">ger</subfield><subfield code="e">rda</subfield></datafield><datafield tag="041" ind1="0" ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-83</subfield><subfield code="a">DE-739</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">ST 233</subfield><subfield code="0">(DE-625)143620:</subfield><subfield code="2">rvk</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Das, Ravindra</subfield><subfield code="0">(DE-588)1100570306</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Testing and securing web applications</subfield><subfield code="c">Ravi Das and Greg Johnson</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Boca Raton, FL</subfield><subfield code="b">CRC Press</subfield><subfield code="c">2020</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">208 Seiten</subfield><subfield code="b">Illustrationen</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="b">n</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="b">nc</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Programmierung</subfield><subfield code="0">(DE-588)4076370-5</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Softwaretest</subfield><subfield code="0">(DE-588)4132652-0</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="689" ind1="0" ind2="0"><subfield code="a">Softwaretest</subfield><subfield code="0">(DE-588)4132652-0</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="1"><subfield code="a">Programmierung</subfield><subfield code="0">(DE-588)4076370-5</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2=" "><subfield code="5">DE-604</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Johnson, Greg</subfield><subfield code="0">(DE-588)1242061223</subfield><subfield code="4">aut</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="m">Digitalisierung UB Passau - ADAM Catalogue Enrichment</subfield><subfield code="q">application/pdf</subfield><subfield code="u">http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=032324076&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA</subfield><subfield code="3">Inhaltsverzeichnis</subfield></datafield><datafield tag="943" ind1="1" ind2=" "><subfield code="a">oai:aleph.bib-bvb.de:BVB01-032324076</subfield></datafield></record></collection> |
id | DE-604.BV046914722 |
illustrated | Illustrated |
indexdate | 2024-12-20T19:04:32Z |
institution | BVB |
isbn | 9780367333751 |
language | English |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-032324076 |
oclc_num | 1220884289 |
open_access_boolean | |
owner | DE-83 DE-739 |
owner_facet | DE-83 DE-739 |
physical | 208 Seiten Illustrationen |
publishDate | 2020 |
publishDateSearch | 2020 |
publishDateSort | 2020 |
publisher | CRC Press |
record_format | marc |
spellingShingle | Das, Ravindra Johnson, Greg Testing and securing web applications Programmierung (DE-588)4076370-5 gnd Softwaretest (DE-588)4132652-0 gnd |
subject_GND | (DE-588)4076370-5 (DE-588)4132652-0 |
title | Testing and securing web applications |
title_auth | Testing and securing web applications |
title_exact_search | Testing and securing web applications |
title_full | Testing and securing web applications Ravi Das and Greg Johnson |
title_fullStr | Testing and securing web applications Ravi Das and Greg Johnson |
title_full_unstemmed | Testing and securing web applications Ravi Das and Greg Johnson |
title_short | Testing and securing web applications |
title_sort | testing and securing web applications |
topic | Programmierung (DE-588)4076370-5 gnd Softwaretest (DE-588)4132652-0 gnd |
topic_facet | Programmierung Softwaretest |
url | http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=032324076&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |
work_keys_str_mv | AT dasravindra testingandsecuringwebapplications AT johnsongreg testingandsecuringwebapplications |