Verfügbarkeit: Testing and securing web applications

Testing and securing web applications:

Gespeichert in:

Bibliographische Detailangaben
Beteiligte Personen:	Das, Ravindra (VerfasserIn), Johnson, Greg (VerfasserIn)
Format:	Buch
Sprache:	Englisch
Veröffentlicht:	Boca Raton, FL CRC Press 2020
Schlagwörter:	Programmierung Softwaretest
Links:	http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=032324076&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA
Umfang:	208 Seiten Illustrationen
ISBN:	9780367333751

Internformat

MARC


LEADER	00000nam a22000001c 4500
001	BV046914722
003	DE-604
005	20210928
007	t\|
008	200928s2020 xx a\|\|\| \|\|\|\| 00\|\|\| eng d
020			\|a 9780367333751 \|9 978-0-367-33375-1
035			\|a (OCoLC)1220884289
035			\|a (DE-599)BVBBV046914722
040			\|a DE-604 \|b ger \|e rda
041	0		\|a eng
049			\|a DE-83 \|a DE-739
084			\|a ST 233 \|0 (DE-625)143620: \|2 rvk
100	1		\|a Das, Ravindra \|0 (DE-588)1100570306 \|4 aut
245	1	0	\|a Testing and securing web applications \|c Ravi Das and Greg Johnson
264		1	\|a Boca Raton, FL \|b CRC Press \|c 2020
300			\|a 208 Seiten \|b Illustrationen
336			\|b txt \|2 rdacontent
337			\|b n \|2 rdamedia
338			\|b nc \|2 rdacarrier
650	0	7	\|a Programmierung \|0 (DE-588)4076370-5 \|2 gnd \|9 rswk-swf
650	0	7	\|a Softwaretest \|0 (DE-588)4132652-0 \|2 gnd \|9 rswk-swf
689	0	0	\|a Softwaretest \|0 (DE-588)4132652-0 \|D s
689	0	1	\|a Programmierung \|0 (DE-588)4076370-5 \|D s
689	0		\|5 DE-604
700	1		\|a Johnson, Greg \|0 (DE-588)1242061223 \|4 aut
856	4	2	\|m Digitalisierung UB Passau - ADAM Catalogue Enrichment \|q application/pdf \|u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=032324076&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA \|3 Inhaltsverzeichnis
943	1		\|a oai:aleph.bib-bvb.de:BVB01-032324076

Datensatz im Suchindex

_version_	1819345684669661184
adam_text	Contents Acknowledgments............................................................................................... xiii About the Authors.................................................................................................xv 1 Network Security........................................................................................... 1 Introduction.................................................................................................... 1 A Chronological History of the Internet........................................................5 The Evolution of Web Applications................................................................ 7 The Fundamentals of Network Security - The OSI Model......................... 13 The OSI Model.........................................................................................13 What Is the Significance of the OSI Model to Network Security?........ 15 The Classification of Threats to the OSI Model.......................................15 The Most Probable Attacks....................................................................... 17 Assessing a Threat to a Web Application...................................................... 18 Network Security Terminology..................................................................... 19 The Types of Network Security Topologies Best Suited for Web Applications...................................................................................................20 The Types of Attack That Can Take Place against Web Applications........ 21 How to Protect Web Applications from DDoS Attacks..............................27 Defending against Buffer Overflow Attacks........................................... 28 Defending against IP Spoofing Attacks.................................................. 28 Defending against Session Hijacking......................................................30 Defending Virus and Trojan Horse Attacks............................................31 Viruses..................................................................................................31 How a Virus Spreads Itself.................................................................. 31 The Different Types of Viruses............................................................ 31 Defending Web Applications at a Deeper Level.......................................... 33 The Firewall..............................................................................................33 Types of Firewalls..................................................................................... 34 Blacklisting and Whitelisting.................................................................. 36 How to Properly Implement a Firewall to Safeguard the Web Application........................................................................................... 37 Vii viii ■ Contents The Use of Intrusion Detection Systems..........................................................39 Understanding What a Network Intrusion Detection System Is............39 Preemptive Blocking..................................................................................... 40 Anomaly Detection........................................................................................42 Important NIDS Processes and Subcomponents...................................... 43 The Use of VPNs to Protect a Web Application Server............................ 44 The Basics of VPN Technology....................................................................45 The Virtual Private Network Protocols that are Used to Secure a Web Application Server................................................................. 46 How PPTP Sessions are Authenticated....................................................... 46 How Layer 2 Tunneling Protocol (L2TP) Sessions are Authenticated...........................................................................................47 How Password Authentication Protocol (PAP) Sessions are Authenticated................................................................................................. 48 How Shiva Password Authentication Protocol (SPAP) Sessions are Authenticated............................................................................ 48 How Kerberos Protocol Sessions are Authenticated..................................49 How IPSec Protocol Sessions are Authenticated........................................51 How SSL Protocol Sessions are Authenticated........................................... 52 How to Assess the Current State of Security of a Web Application Server..................................................................................... 53 Important Risk Assessment Methodologies and How They Relate to Web Application Security............................................................. 54 Single Loss Expectancy (SLE)................................................................. 54 The Annualized Loss Expectancy (ALE)............................................... 54 Tie Residual Risk..................................................................................... 54 How to Evaluate the Security Risk that is Posed to the Web Application and its Server..............................................................................55 How to Conduct the Initial Security Assessment on the Web Application..................................................................................... 56 Techniques Used by Cyberattackers against the Web Application and Web Application Server...............................................................................59 The Techniques Used by the Cyberhacker..................................................60 Techniques Used by the Cyberattacker....................................................... 63 Network Security and Its Relevance for Web Apps........................................65 Data Confidentiality......................................................................................65 Common Technical Layouts for Modern Web App Infrastructure.............66 Encrypting Data in Flight.............................................................................69 TLS............................................................................................................. 69 Certificate...................................................................................................72 Setting Up the Session..............................................................................73 Finishing the Handshake..........................................................................74 Contents ■ ix Site Validity...............................................................................................75 Proving Your Web App Is What It Says It Is...................................... 75 Testing Your Web App’s Confidentiality and Trust.......................... 77 What Kind of Trust?...........................................................................77 Spoofing and Related Concerns.......................................................... 79 Conclusion................................................................................................ 82 Resources....................................................................................................... 82 References...................................................................................................... 82 2 Cryptography.............................................................................................. 83 An Introduction to Cryptography................................................................ 84 Message Scrambling and Descrambling....................................................... 85 Encryption and Decryption..........................................................................86 Ciphertexts....................................................................................................86 Symmetric Key Systems and Asymmetric Key Systems...............................87 The Caesar Methodology.............................................................................. 87 Types of Cryptographic Attacks.............................................................. 88 Polyalphabetic Encryption............................................................................88 Block Ciphers................................................................................................89 Initialization Vectors..................................................................................... 90 Cipher Block Chaining................................................................................. 90 Disadvantages of Symmetric Key Cryptography......................................... 91 The Key Distribution Center........................................................................92 Mathematical Algorithms with Symmetric Cryptography..........................93 The Hashing Function.................................................................................. 94 Asymmetric Key Cryptography....................................................................95 Public Keys and Public Private Keys............................................................ 95 The Differences Between Asymmetric and Symmetric Cryptography....... 96 The Disadvantages of Asymmetric Cryptography....................................... 97 The Mathematical Algorithms of Asymmetric Cryptography.................... 98 The Public Key Infrastructure.......................................................................99 The Digital Certificates............................................................................... 100 How the Public Key Infrastructure Works................................................. 101 Public Key Infrastructure Policies and Rules............................................. 101 The LDAP Protocol.....................................................................................102 The Public Cryptography Standards...........................................................103 Parameters of Public Keys and Private Keys............................................... 104 How Many Servers?.....................................................................................105 Security Policies........................................................................................... 105 Securing the Public Keys and the Private Keys..........................................106 Message Digests and Hashes.......................................................................106 Security Vulnerabilities of Hashes...............................................................106 A Technical Review of Cryptography........................................................ 107 x ■ Contents The Digital Encryption Standard..........................................................107 The Internal Structure of the DES........................................................109 The Initial and Final Permutations................................................... 109 The f-Function....................................................................................109 The Key Schedule...............................................................................110 The Decryption Process of the DES Algorithm....................................Ill The Reversed Key Schedule............................................................... Ill The Decryption in the Feistel Network............................................ Ill The Security of the DES............................................................................. 113 The Advanced Encryption Standard.......................................................113 The Mathematics behind the DES Algorithm.................................114 The Internal Structure of the AES Algorithm..................................117 Decryption of the AES Algorithm.................................................... 120 Asymmetric and Public Key Cryptography................................................ 121 The Mathematics behind Asymmetric Cryptography........................... 124 The RSA Algorithm.....................................................................................125 The Use of Fast Exponentiation in the RSA Algorithm....................... 127 The Use of Fast Encryption with Shorter Public Key Exponentiation........................................................................................128 The Chinese Remainder Theorem (CRT).............................................. 128 How to Find Large Prime Integers for the RSA Algorithm...................... 129 The Use of Padding in the RSA Algorithm................................................131 Specific Cyberattacks on the RSA Algorithm.............................................132 The Digital Signature Algorithm................................................................133 Digital Signature Computation and Verification Process for the DSA................................................................................ 134 The Prime Number Generation Process in the DSA............................. 135 Security Issues with the DSA.................................................................135 The Elliptic Curve Digital Signature Algorithm........................................136 The Generation of the Public Key and the Private Key Using the ECDSA Algorithm........................................................................... 136 The Signature and the Verification Process of the ECDSA Algorithm................................................................................. 137 The Use of Hash Functions......................................................................... 138 The Security Requirements of Hash Functions..........................................139 A Technical Overview of Hash Function Algorithms............................... 142 Block Cipher-Based Hash Functions.................................................... 143 Technical Details of the Secure Hash Algorithm SHA-1.......................... 144 Key Distribution Centers............................................................................ 146 The Public Key Infrastructure and Certificate Authority.......................... 148 Resources......................................................................................................149 Contents ■ 3 XI՜ Penetration Testing...................................................................................151 Introduction.......................................................................................................151 Peeling the Onion..............................................................................................152 True Stories.........................................................................................................152 External Testing: Auxiliary System Vulnerabilities..................................152 Internal Testing.............................................................................................153 Report Narrative......................................................................................154 Report Narrative......................................................................................154 Web Application Testing............................................................................. 155 SSID Testing....................................................... 158 Types of Penetration Tests................................................................................ 159 Definitions of Low, Medium, High, and Critical Findings in Penetration Testing........................................................................................... 160 Compliances and Frameworks: Pen Testing Required..................................161 OWASP and OWASP Top Ten....................................................................... 162 OWASP Top Ten with Commentary....................................................... 162 Tools of the Trade............................................................................................. 164 Pen Test Methodology......................................................................................167 Penetration Test Checklist for External IPs and Web Applications............ 167 Chapter Takeaways........................................................................................... 172 Resources............................................................................................................ 174 4 Threat Hunting.......................................................................................... 175 Not-So-Tall Tales...............................................................................................176 Nation-State Bad Actors: Chinaand Iran.......................................................181 Threat Hunting Methods................................................................................. 182 MITRE ATT CK........................................................................................... 183 Technology Tools...............................................................................................183 The SIEM...................................................................................................... 183 EDR............................................................................................................... 184 EDR + SIEM................................................................................................185 IDS................................................................................................................ 185 When 1 + 1 + 1 = 1: The Visibility Window.................................................185 Threat Hunting Process or Model...................................................................186 On Becoming a Threat Hunter....................................................................... 188 Threat Hunting Conclusions............................................................................189 Resources............................................................................................................189 5 Conclusions................................................................................................191 Index.................................................................................................................... 199
any_adam_object	1
author	Das, Ravindra Johnson, Greg
author_GND	(DE-588)1100570306 (DE-588)1242061223
author_facet	Das, Ravindra Johnson, Greg
author_role	aut aut
author_sort	Das, Ravindra
author_variant	r d rd g j gj
building	Verbundindex
bvnumber	BV046914722
classification_rvk	ST 233
ctrlnum	(OCoLC)1220884289 (DE-599)BVBBV046914722
discipline	Informatik
format	Book
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01377nam a22003491c 4500</leader><controlfield tag="001">BV046914722</controlfield><controlfield tag="003">DE-604</controlfield><controlfield tag="005">20210928 </controlfield><controlfield tag="007">t\|</controlfield><controlfield tag="008">200928s2020 xx a\|\|\| \|\|\|\| 00\|\|\| eng d</controlfield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9780367333751</subfield><subfield code="9">978-0-367-33375-1</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)1220884289</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)BVBBV046914722</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-604</subfield><subfield code="b">ger</subfield><subfield code="e">rda</subfield></datafield><datafield tag="041" ind1="0" ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-83</subfield><subfield code="a">DE-739</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">ST 233</subfield><subfield code="0">(DE-625)143620:</subfield><subfield code="2">rvk</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Das, Ravindra</subfield><subfield code="0">(DE-588)1100570306</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Testing and securing web applications</subfield><subfield code="c">Ravi Das and Greg Johnson</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Boca Raton, FL</subfield><subfield code="b">CRC Press</subfield><subfield code="c">2020</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">208 Seiten</subfield><subfield code="b">Illustrationen</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="b">n</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="b">nc</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Programmierung</subfield><subfield code="0">(DE-588)4076370-5</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Softwaretest</subfield><subfield code="0">(DE-588)4132652-0</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="689" ind1="0" ind2="0"><subfield code="a">Softwaretest</subfield><subfield code="0">(DE-588)4132652-0</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="1"><subfield code="a">Programmierung</subfield><subfield code="0">(DE-588)4076370-5</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2=" "><subfield code="5">DE-604</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Johnson, Greg</subfield><subfield code="0">(DE-588)1242061223</subfield><subfield code="4">aut</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="m">Digitalisierung UB Passau - ADAM Catalogue Enrichment</subfield><subfield code="q">application/pdf</subfield><subfield code="u">http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=032324076&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA</subfield><subfield code="3">Inhaltsverzeichnis</subfield></datafield><datafield tag="943" ind1="1" ind2=" "><subfield code="a">oai:aleph.bib-bvb.de:BVB01-032324076</subfield></datafield></record></collection>
id	DE-604.BV046914722
illustrated	Illustrated
indexdate	2024-12-20T19:04:32Z
institution	BVB
isbn	9780367333751
language	English
oai_aleph_id	oai:aleph.bib-bvb.de:BVB01-032324076
oclc_num	1220884289
open_access_boolean
owner	DE-83 DE-739
owner_facet	DE-83 DE-739
physical	208 Seiten Illustrationen
publishDate	2020
publishDateSearch	2020
publishDateSort	2020
publisher	CRC Press
record_format	marc
spellingShingle	Das, Ravindra Johnson, Greg Testing and securing web applications Programmierung (DE-588)4076370-5 gnd Softwaretest (DE-588)4132652-0 gnd
subject_GND	(DE-588)4076370-5 (DE-588)4132652-0
title	Testing and securing web applications
title_auth	Testing and securing web applications
title_exact_search	Testing and securing web applications
title_full	Testing and securing web applications Ravi Das and Greg Johnson
title_fullStr	Testing and securing web applications Ravi Das and Greg Johnson
title_full_unstemmed	Testing and securing web applications Ravi Das and Greg Johnson
title_short	Testing and securing web applications
title_sort	testing and securing web applications
topic	Programmierung (DE-588)4076370-5 gnd Softwaretest (DE-588)4132652-0 gnd
topic_facet	Programmierung Softwaretest
url	http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=032324076&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA
work_keys_str_mv	AT dasravindra testingandsecuringwebapplications AT johnsongreg testingandsecuringwebapplications

Verfügbarkeit

‌

Inhaltsverzeichnis