Testing and securing web applications

Field | Value
---|---
Contributors: | Das, Ravindra; Johnson, Greg |
Format: | Electronic e-book |
Language: | English |
Published: | Boca Raton ; London ; New York : CRC Press, 2020 |
Edition: | First edition |
Subject headings: | Programmierung; Softwaretest |
Links: | https://ebookcentral.proquest.com/lib/munchentech/detail.action?docID=6264923 |
Description (table of contents): | Cover -- Half Title -- Title Page -- Copyright Page -- Dedication -- Contents -- Acknowledgments -- About the Authors -- 1. Network Security -- Introduction -- A Chronological History of the Internet -- The Evolution of Web Applications -- The Fundamentals of Network Security - The OSI Model -- The OSI Model -- What Is the Significance of the OSI Model to Network Security? -- The Classification of Threats to the OSI Model -- The Most Probable Attacks -- Assessing a Threat to a Web Application -- Network Security Terminology -- The Types of Network Security Topologies Best Suited for Web Applications -- The Types of Attack That Can Take Place against Web Applications -- How to Protect Web Applications from DDoS Attacks -- Defending against Buffer Overflow Attacks -- Defending against IP Spoofing Attacks -- Defending against Session Hijacking -- Defending Virus and Trojan Horse Attacks -- Viruses -- How a Virus Spreads Itself -- The Different Types of Viruses -- Defending Web Applications at a Deeper Level -- The Firewall -- Types of Firewalls -- Blacklisting and Whitelisting -- How to Properly Implement a Firewall to Safeguard the Web Application -- The Use of Intrusion Detection Systems -- Understanding What a Network Intrusion Detection System Is -- Preemptive Blocking -- Anomaly Detection -- Important NIDS Processes and Subcomponents -- The Use of VPNs to Protect a Web Application Server -- The Basics of VPN Technology -- The Virtual Private Network Protocols that are Used to Secure a Web Application Server -- How PPTP Sessions are Authenticated -- How Layer 2 Tunneling Protocol (L2TP) Sessions are Authenticated -- How Password Authentication Protocol (PAP) Sessions are Authenticated -- How Shiva Password Authentication Protocol (SPAP) Sessions are Authenticated -- How Kerberos Protocol Sessions are Authenticated -- How IPSec Protocol Sessions are Authenticated -- How SSL Protocol Sessions are Authenticated -- How to Assess the Current State of Security of a Web Application Server -- Important Risk Assessment Methodologies and How They Relate to Web Application Security -- Single Loss Expectancy (SLE) -- The Annualized Loss Expectancy (ALE) -- The Residual Risk -- How to Evaluate the Security Risk that is Posed to the Web Application and its Server -- How to Conduct the Initial Security Assessment on the Web Application -- Techniques Used by Cyberattackers against the Web Application and Web Application Server -- The Techniques Used by the Cyberhacker -- Techniques Used by the Cyberattacker -- Network Security and Its Relevance for Web Apps -- Data Confidentiality -- Common Technical Layouts for Modern Web App Infrastructure -- Encrypting Data in Flight -- TLS -- Certificate -- Setting Up the Session -- Finishing the Handshake -- Site Validity -- Proving Your Web App Is What It Says It Is -- Testing Your Web App's Confidentiality and Trust -- What Kind of Trust? -- Spoofing and Related Concerns -- Conclusion -- Resources -- References -- 2. Cryptography -- An Introduction to Cryptography -- Message Scrambling and Descrambling -- Encryption and Decryption -- Ciphertexts -- Symmetric Key Systems and Asymmetric Key Systems -- The Caesar Methodology -- Types of Cryptographic Attacks -- Polyalphabetic Encryption -- Block Ciphers -- Initialization Vectors -- Cipher Block Chaining -- Disadvantages of Symmetric Key Cryptography -- The Key Distribution Center -- Mathematical Algorithms with Symmetric Cryptography -- The Hashing Function -- Asymmetric Key Cryptography -- Public Keys and Public Private Keys -- The Differences Between Asymmetric and Symmetric Cryptography -- The Disadvantages of Asymmetric Cryptography -- The Mathematical Algorithms of Asymmetric Cryptography -- The Public Key Infrastructure -- The Digital Certificates -- How the Public Key Infrastructure Works -- Public Key Infrastructure Policies and Rules -- The LDAP Protocol -- The Public Cryptography Standards -- Parameters of Public Keys and Private Keys -- How Many Servers? -- Security Policies -- Securing the Public Keys and the Private Keys -- Message Digests and Hashes -- Security Vulnerabilities of Hashes -- A Technical Review of Cryptography -- The Digital Encryption Standard -- The Internal Structure of the DES -- The Initial and Final Permutations -- The f-Function -- The Key Schedule -- The Decryption Process of the DES Algorithm -- The Reversed Key Schedule -- The Decryption in the Feistel Network -- The Security of the DES -- The Advanced Encryption Standard -- The Mathematics behind the DES Algorithm -- The Internal Structure of the AES Algorithm -- Decryption of the AES Algorithm -- Asymmetric and Public Key Cryptography -- The Mathematics behind Asymmetric Cryptography -- The RSA Algorithm -- The Use of Fast Exponentiation in the RSA Algorithm -- The Use of Fast Encryption with Shorter Public Key Exponentiation -- The Chinese Remainder Theorem (CRT) -- How to Find Large Prime Integers for the RSA Algorithm -- The Use of Padding in the RSA Algorithm -- Specific Cyberattacks on the RSA Algorithm -- The Digital Signature Algorithm -- Digital Signature Computation and Verification Process for the DSA -- The Prime Number Generation Process in the DSA -- Security Issues with the DSA -- The Elliptic Curve Digital Signature Algorithm -- The Generation of the Public Key and the Private Key Using the ECDSA Algorithm -- The Signature and the Verification Process of the ECDSA Algorithm -- The Use of Hash Functions -- The Security Requirements of Hash Functions -- A Technical Overview of Hash Function Algorithms -- Block Cipher-Based Hash Functions -- Technical Details of the Secure Hash Algorithm SHA-1 -- Key Distribution Centers -- The Public Key Infrastructure and Certificate Authority -- Resources -- 3. Penetration Testing -- Introduction -- Peeling the Onion -- True Stories -- External Testing: Auxiliary System Vulnerabilities -- Internal Testing -- Report Narrative -- Report Narrative -- Web Application Testing -- SSID Testing -- Types of Penetration Tests -- Definitions of Low, Medium, High, and Critical Findings in Penetration Testing -- Compliances and Frameworks: Pen Testing Required -- OWASP and OWASP Top Ten -- OWASP Top Ten with Commentary -- Tools of the Trade -- Pen Test Methodology -- Penetration Test Checklist for External IPs and Web Applications -- Chapter Takeaways -- Resources -- 4. Threat Hunting -- Not-So-Tall Tales -- Nation-State Bad Actors: China and Iran -- Threat Hunting Methods -- MITRE ATT&CK -- Technology Tools -- The SIEM -- EDR -- EDR + SIEM -- IDS -- When 1 + 1 + 1 = 1: The Visibility Window -- Threat Hunting Process or Model -- On Becoming a Threat Hunter -- Threat Hunting Conclusions -- Resources -- 5. Conclusions -- Index |
Extent: | 1 online resource (224 pages) |
ISBN: | 9781000166071; 9781003081210 |
Internal format

MARC

Tag | Ind1 | Ind2 | Content
---|---|---|---
LEADER | | | 00000nam a2200000zc 4500 |
001 | | | BV047017233 |
003 | | | DE-604 |
005 | | | 20230817 |
007 | | | cr\|uuu---uuuuu |
008 | | | 201118s2020 xx o\|\|\|\| 00\|\|\| eng d |
020 | | | \|a 9781000166071 \|9 978-1-00-016607-1 |
020 | | | \|a 9781003081210 \|9 978-1-003-08121-0 |
035 | | | \|a (ZDB-30-PQE)EBC6264923 |
035 | | | \|a (OCoLC)1224014859 |
035 | | | \|a (DE-599)BVBBV047017233 |
040 | | | \|a DE-604 \|b ger \|e rda |
041 | 0 | | \|a eng |
049 | | | \|a DE-91 |
082 | 0 | | \|a 005.14 |
084 | | | \|a ST 233 \|0 (DE-625)143620: \|2 rvk |
084 | | | \|a DAT 330 \|2 stub |
084 | | | \|a DAT 461 \|2 stub |
084 | | | \|a DAT 675 \|2 stub |
100 | 1 | | \|a Das, Ravindra \|e Verfasser \|0 (DE-588)1100570306 \|4 aut |
245 | 1 | 0 | \|a Testing and securing web applications \|c by Ravi Das and Greg Johnson |
250 | | | \|a First edition |
264 | | 1 | \|a Boca Raton ; London ; New York \|b CRC Press \|c 2020 |
300 | | | \|a 1 Online-Ressource (224 Seiten) |
336 | | | \|b txt \|2 rdacontent |
337 | | | \|b c \|2 rdamedia |
338 | | | \|b cr \|2 rdacarrier |
500 | | | \|a Cover -- Half Title -- Title Page -- Copyright Page -- Dedication -- Contents -- Acknowledgments -- About the Authors -- 1. Network Security -- Introduction -- A Chronological History of the Internet -- The Evolution of Web Applications -- The Fundamentals of Network Security - The OSI Model -- The OSI Model -- What Is the Significance of the OSI Model to Network Security? -- The Classification of Threats to the OSI Model -- The Most Probable Attacks -- Assessing a Threat to a Web Application -- Network Security Terminology -- The Types of Network Security Topologies Best Suited for Web Applications -- The Types of Attack That Can Take Place against Web Applications -- How to Protect Web Applications from DDoS Attacks -- Defending against Buffer Overflow Attacks -- Defending against IP Spoofing Attacks -- Defending against Session Hijacking -- Defending Virus and Trojan Horse Attacks -- Viruses -- How a Virus Spreads Itself -- The Different Types of Viruses -- Defending Web Applications at a Deeper Level -- The Firewall -- Types of Firewalls -- Blacklisting and Whitelisting -- How to Properly Implement a Firewall to Safeguard the Web Application -- The Use of Intrusion Detection Systems -- Understanding What a Network Intrusion Detection System Is -- Preemptive Blocking -- Anomaly Detection -- Important NIDS Processes and Subcomponents -- The Use of VPNs to Protect a Web Application Server -- The Basics of VPN Technology -- The Virtual Private Network Protocols that are Used to Secure a Web Application Server -- How PPTP Sessions are Authenticated -- How Layer 2 Tunneling Protocol (L2TP) Sessions are Authenticated -- How Password Authentication Protocol (PAP) Sessions are Authenticated -- How Shiva Password Authentication Protocol (SPAP)Sessions are Authenticated -- How Kerberos Protocol Sessions are Authenticated |
500 | | | \|a How IPSec Protocol Sessions are Authenticated -- How SSL Protocol Sessions are Authenticated -- How to Assess the Current State of Security of a Web Application Server -- Important Risk Assessment Methodologies and How They Relate to Web Application Security -- Single Loss Expectancy (SLE) -- The Annualized Loss Expectancy (ALE) -- The Residual Risk -- How to Evaluate the Security Risk that is Posed to the Web Application and its Server -- How to Conduct the Initial Security Assessment on the Web Application -- Techniques Used by Cyberattackers against the Web Application and Web Application Server -- The Techniques Used by the Cyberhacker -- Techniques Used by the Cyberattacker -- Network Security and Its Relevance for Web Apps -- Data Confidentiality -- Common Technical Layouts for Modern Web App Infrastructure -- Encrypting Data in Flight -- TLS -- Certificate -- Setting Up the Session -- Finishing the Handshake -- Site Validity -- Proving Your Web App Is What It Says It Is -- Testing Your Web App's Confidentiality and Trust -- What Kind of Trust? -- Spoofing and Related Concerns -- Conclusion -- Resources -- References -- 2. Cryptography -- An Introduction to Cryptography -- Message Scrambling and Descrambling -- Encryption and Decryption -- Ciphertexts -- Symmetric Key Systems and Asymmetric Key Systems -- The Caesar Methodology -- Types of Cryptographic Attacks -- Polyalphabetic Encryption -- Block Ciphers -- Initialization Vectors -- Cipher Block Chaining -- Disadvantages of Symmetric Key Cryptography -- The Key Distribution Center -- Mathematical Algorithms with Symmetric Cryptography -- The Hashing Function -- Asymmetric Key Cryptography -- Public Keys and Public Private Keys -- The Differences Between Asymmetric and Symmetric Cryptography -- The Disadvantages of Asymmetric Cryptography |
500 | | | \|a The Mathematical Algorithms of Asymmetric Cryptography -- The Public Key Infrastructure -- The Digital Certificates -- How the Public Key Infrastructure Works -- Public Key Infrastructure Policies and Rules -- The LDAP Protocol -- The Public Cryptography Standards -- Parameters of Public Keys and Private Keys -- How Many Servers? -- Security Policies -- Securing the Public Keys and the Private Keys -- Message Digests and Hashes -- Security Vulnerabilities of Hashes -- A Technical Review of Cryptography -- The Digital Encryption Standard -- The Internal Structure of the DES -- The Initial and Final Permutations -- The f-Function -- The Key Schedule -- The Decryption Process of the DES Algorithm -- The Reversed Key Schedule -- The Decryption in the Feistel Network -- The Security of the DES -- The Advanced Encryption Standard -- The Mathematics behind the DES Algorithm -- The Internal Structure of the AES Algorithm -- Decryption of the AES Algorithm -- Asymmetric and Public Key Cryptography -- The Mathematics behind Asymmetric Cryptography -- The RSA Algorithm -- The Use of Fast Exponentiation in the RSA Algorithm -- The Use of Fast Encryption with Shorter Public Key Exponentiation -- The Chinese Remainder Theorem (CRT) -- How to Find Large Prime Integers for the RSA Algorithm -- The Use of Padding in the RSA Algorithm -- Specific Cyberattacks on the RSA Algorithm -- The Digital Signature Algorithm -- Digital Signature Computation and Verification Process for the DSA -- The Prime Number Generation Process in the DSA -- Security Issues with the DSA -- The Elliptic Curve Digital Signature Algorithm -- The Generation of the Public Key and the Private Key Using the ECDSA Algorithm -- The Signature and the Verification Process of the ECDSA Algorithm -- The Use of Hash Functions -- The Security Requirements of Hash Functions |
500 | | | \|a A Technical Overview of Hash Function Algorithms -- Block Cipher-Based Hash Functions -- Technical Details of the Secure Hash Algorithm SHA-1 -- Key Distribution Centers -- The Public Key Infrastructure and Certificate Authority -- Resources -- 3. Penetration Testing -- Introduction -- Peeling the Onion -- True Stories -- External Testing: Auxiliary System Vulnerabilities -- Internal Testing -- Report Narrative -- Report Narrative -- Web Application Testing -- SSID Testing -- Types of Penetration Tests -- Definitions of Low, Medium, High, and Critical Findings in Penetration Testing -- Compliances and Frameworks: Pen Testing Required -- OWASP and OWASP Top Ten -- OWASP Top Ten with Commentary -- Tools of the Trade -- Pen Test Methodology -- Penetration Test Checklist for External IPs and Web Applications -- Chapter Takeaways -- Resources -- 4. Threat Hunting -- Not-So-Tall Tales -- Nation-State Bad Actors: China and Iran -- Threat Hunting Methods -- MITRE ATT& -- CK -- Technology Tools -- The SIEM -- EDR -- EDR + SIEM -- IDS -- When 1 + 1 + 1 = 1: The Visibility Window -- Threat Hunting Process or Model -- On Becoming a Threat Hunter -- Threat Hunting Conclusions -- Resources -- 5. Conclusions -- Index |
650 | 0 | 7 | \|a Programmierung \|0 (DE-588)4076370-5 \|2 gnd \|9 rswk-swf |
650 | 0 | 7 | \|a Softwaretest \|0 (DE-588)4132652-0 \|2 gnd \|9 rswk-swf |
689 | 0 | 0 | \|a Softwaretest \|0 (DE-588)4132652-0 \|D s |
689 | 0 | 1 | \|a Programmierung \|0 (DE-588)4076370-5 \|D s |
689 | 0 | | \|5 DE-604 |
700 | 1 | | \|a Johnson, Greg \|e Verfasser \|4 aut |
776 | 0 | 8 | \|i Erscheint auch als \|n Druck-Ausgabe, Paperback \|z 978-0-367-33375-1 |
776 | 0 | 8 | \|i Erscheint auch als \|n Druck-Ausgabe \|z 978-0-367-53271-0 |
912 | | | \|a ZDB-30-PQE |
943 | 1 | | \|a oai:aleph.bib-bvb.de:BVB01-032424768 |
966 | e | | \|u https://ebookcentral.proquest.com/lib/munchentech/detail.action?docID=6264923 \|l DE-91 \|p ZDB-30-PQE \|q TUM_PDA_PQE_Kauf \|x Aggregator \|3 Volltext |
Record in the search index

Field | Value
---|---
DE-BY-TUM_katkey | 2509145 |
_version_ | 1821933279258869760 |
any_adam_object | |
author | Das, Ravindra Johnson, Greg |
author_GND | (DE-588)1100570306 |
author_facet | Das, Ravindra Johnson, Greg |
author_role | aut aut |
author_sort | Das, Ravindra |
author_variant | r d rd g j gj |
building | Verbundindex |
bvnumber | BV047017233 |
classification_rvk | ST 233 |
classification_tum | DAT 330 DAT 461 DAT 675 |
collection | ZDB-30-PQE |
ctrlnum | (ZDB-30-PQE)EBC6264923 (OCoLC)1224014859 (DE-599)BVBBV047017233 |
dewey-full | 005.14 |
dewey-hundreds | 000 - Computer science, information, general works |
dewey-ones | 005 - Computer programming, programs, data, security |
dewey-raw | 005.14 |
dewey-search | 005.14 |
dewey-sort | 15.14 |
dewey-tens | 000 - Computer science, information, general works |
discipline | Informatik |
edition | First edition |
format | Electronic eBook |
id | DE-604.BV047017233 |
illustrated | Not Illustrated |
indexdate | 2024-12-20T19:07:25Z |
institution | BVB |
isbn | 9781000166071 9781003081210 |
language | English |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-032424768 |
oclc_num | 1224014859 |
open_access_boolean | |
owner | DE-91 DE-BY-TUM |
owner_facet | DE-91 DE-BY-TUM |
physical | 1 Online-Ressource (224 Seiten) |
psigel | ZDB-30-PQE ZDB-30-PQE TUM_PDA_PQE_Kauf |
publishDate | 2020 |
publishDateSearch | 2020 |
publishDateSort | 2020 |
publisher | CRC Press |
record_format | marc |
spellingShingle | Das, Ravindra Johnson, Greg Testing and securing web applications Programmierung (DE-588)4076370-5 gnd Softwaretest (DE-588)4132652-0 gnd |
subject_GND | (DE-588)4076370-5 (DE-588)4132652-0 |
title | Testing and securing web applications |
title_auth | Testing and securing web applications |
title_exact_search | Testing and securing web applications |
title_full | Testing and securing web applications by Ravi Das and Greg Johnson |
title_fullStr | Testing and securing web applications by Ravi Das and Greg Johnson |
title_full_unstemmed | Testing and securing web applications by Ravi Das and Greg Johnson |
title_short | Testing and securing web applications |
title_sort | testing and securing web applications |
topic | Programmierung (DE-588)4076370-5 gnd Softwaretest (DE-588)4132652-0 gnd |
topic_facet | Programmierung Softwaretest |
work_keys_str_mv | AT dasravindra testingandsecuringwebapplications AT johnsongreg testingandsecuringwebapplications |