Verfügbarkeit: Testing and securing web applications

Testing and securing web applications:

Gespeichert in:

Bibliographische Detailangaben
Beteiligte Personen:	Das, Ravindra (VerfasserIn), Johnson, Greg (VerfasserIn)
Format:	Elektronisch E-Book
Sprache:	Englisch
Veröffentlicht:	Boca Raton ; London ; New York CRC Press 2020
Ausgabe:	First edition
Schlagwörter:	Programmierung Softwaretest
Links:	https://ebookcentral.proquest.com/lib/munchentech/detail.action?docID=6264923
Beschreibung:	Cover -- Half Title -- Title Page -- Copyright Page -- Dedication -- Contents -- Acknowledgments -- About the Authors -- 1. Network Security -- Introduction -- A Chronological History of the Internet -- The Evolution of Web Applications -- The Fundamentals of Network Security - The OSI Model -- The OSI Model -- What Is the Significance of the OSI Model to Network Security? -- The Classification of Threats to the OSI Model -- The Most Probable Attacks -- Assessing a Threat to a Web Application -- Network Security Terminology -- The Types of Network Security Topologies Best Suited for Web Applications -- The Types of Attack That Can Take Place against Web Applications -- How to Protect Web Applications from DDoS Attacks -- Defending against Buffer Overflow Attacks -- Defending against IP Spoofing Attacks -- Defending against Session Hijacking -- Defending Virus and Trojan Horse Attacks -- Viruses -- How a Virus Spreads Itself -- The Different Types of Viruses -- Defending Web Applications at a Deeper Level -- The Firewall -- Types of Firewalls -- Blacklisting and Whitelisting -- How to Properly Implement a Firewall to Safeguard the Web Application -- The Use of Intrusion Detection Systems -- Understanding What a Network Intrusion Detection System Is -- Preemptive Blocking -- Anomaly Detection -- Important NIDS Processes and Subcomponents -- The Use of VPNs to Protect a Web Application Server -- The Basics of VPN Technology -- The Virtual Private Network Protocols that are Used to Secure a Web Application Server -- How PPTP Sessions are Authenticated -- How Layer 2 Tunneling Protocol (L2TP) Sessions are Authenticated -- How Password Authentication Protocol (PAP) Sessions are Authenticated -- How Shiva Password Authentication Protocol (SPAP)Sessions are Authenticated -- How Kerberos Protocol Sessions are Authenticated How IPSec Protocol Sessions are Authenticated -- How SSL Protocol Sessions are Authenticated -- How to Assess the Current State of Security of a Web Application Server -- Important Risk Assessment Methodologies and How They Relate to Web Application Security -- Single Loss Expectancy (SLE) -- The Annualized Loss Expectancy (ALE) -- The Residual Risk -- How to Evaluate the Security Risk that is Posed to the Web Application and its Server -- How to Conduct the Initial Security Assessment on the Web Application -- Techniques Used by Cyberattackers against the Web Application and Web Application Server -- The Techniques Used by the Cyberhacker -- Techniques Used by the Cyberattacker -- Network Security and Its Relevance for Web Apps -- Data Confidentiality -- Common Technical Layouts for Modern Web App Infrastructure -- Encrypting Data in Flight -- TLS -- Certificate -- Setting Up the Session -- Finishing the Handshake -- Site Validity -- Proving Your Web App Is What It Says It Is -- Testing Your Web App's Confidentiality and Trust -- What Kind of Trust? -- Spoofing and Related Concerns -- Conclusion -- Resources -- References -- 2. Cryptography -- An Introduction to Cryptography -- Message Scrambling and Descrambling -- Encryption and Decryption -- Ciphertexts -- Symmetric Key Systems and Asymmetric Key Systems -- The Caesar Methodology -- Types of Cryptographic Attacks -- Polyalphabetic Encryption -- Block Ciphers -- Initialization Vectors -- Cipher Block Chaining -- Disadvantages of Symmetric Key Cryptography -- The Key Distribution Center -- Mathematical Algorithms with Symmetric Cryptography -- The Hashing Function -- Asymmetric Key Cryptography -- Public Keys and Public Private Keys -- The Differences Between Asymmetric and Symmetric Cryptography -- The Disadvantages of Asymmetric Cryptography The Mathematical Algorithms of Asymmetric Cryptography -- The Public Key Infrastructure -- The Digital Certificates -- How the Public Key Infrastructure Works -- Public Key Infrastructure Policies and Rules -- The LDAP Protocol -- The Public Cryptography Standards -- Parameters of Public Keys and Private Keys -- How Many Servers? -- Security Policies -- Securing the Public Keys and the Private Keys -- Message Digests and Hashes -- Security Vulnerabilities of Hashes -- A Technical Review of Cryptography -- The Digital Encryption Standard -- The Internal Structure of the DES -- The Initial and Final Permutations -- The f-Function -- The Key Schedule -- The Decryption Process of the DES Algorithm -- The Reversed Key Schedule -- The Decryption in the Feistel Network -- The Security of the DES -- The Advanced Encryption Standard -- The Mathematics behind the DES Algorithm -- The Internal Structure of the AES Algorithm -- Decryption of the AES Algorithm -- Asymmetric and Public Key Cryptography -- The Mathematics behind Asymmetric Cryptography -- The RSA Algorithm -- The Use of Fast Exponentiation in the RSA Algorithm -- The Use of Fast Encryption with Shorter Public Key Exponentiation -- The Chinese Remainder Theorem (CRT) -- How to Find Large Prime Integers for the RSA Algorithm -- The Use of Padding in the RSA Algorithm -- Specific Cyberattacks on the RSA Algorithm -- The Digital Signature Algorithm -- Digital Signature Computation and Verification Process for the DSA -- The Prime Number Generation Process in the DSA -- Security Issues with the DSA -- The Elliptic Curve Digital Signature Algorithm -- The Generation of the Public Key and the Private Key Using the ECDSA Algorithm -- The Signature and the Verification Process of the ECDSA Algorithm -- The Use of Hash Functions -- The Security Requirements of Hash Functions A Technical Overview of Hash Function Algorithms -- Block Cipher-Based Hash Functions -- Technical Details of the Secure Hash Algorithm SHA-1 -- Key Distribution Centers -- The Public Key Infrastructure and Certificate Authority -- Resources -- 3. Penetration Testing -- Introduction -- Peeling the Onion -- True Stories -- External Testing: Auxiliary System Vulnerabilities -- Internal Testing -- Report Narrative -- Report Narrative -- Web Application Testing -- SSID Testing -- Types of Penetration Tests -- Definitions of Low, Medium, High, and Critical Findings in Penetration Testing -- Compliances and Frameworks: Pen Testing Required -- OWASP and OWASP Top Ten -- OWASP Top Ten with Commentary -- Tools of the Trade -- Pen Test Methodology -- Penetration Test Checklist for External IPs and Web Applications -- Chapter Takeaways -- Resources -- 4. Threat Hunting -- Not-So-Tall Tales -- Nation-State Bad Actors: China and Iran -- Threat Hunting Methods -- MITRE ATT&amp -- CK -- Technology Tools -- The SIEM -- EDR -- EDR + SIEM -- IDS -- When 1 + 1 + 1 = 1: The Visibility Window -- Threat Hunting Process or Model -- On Becoming a Threat Hunter -- Threat Hunting Conclusions -- Resources -- 5. Conclusions -- Index
Umfang:	1 Online-Ressource (224 Seiten)
ISBN:	9781000166071 9781003081210

Internformat

MARC


LEADER	00000nam a2200000zc 4500
001	BV047017233
003	DE-604
005	20230817
007	cr\|uuu---uuuuu
008	201118s2020 xx o\|\|\|\| 00\|\|\| eng d
020			\|a 9781000166071 \|9 978-1-00-016607-1
020			\|a 9781003081210 \|9 978-1-003-08121-0
035			\|a (ZDB-30-PQE)EBC6264923
035			\|a (OCoLC)1224014859
035			\|a (DE-599)BVBBV047017233
040			\|a DE-604 \|b ger \|e rda
041	0		\|a eng
049			\|a DE-91
082	0		\|a 005.14
084			\|a ST 233 \|0 (DE-625)143620: \|2 rvk
084			\|a DAT 330 \|2 stub
084			\|a DAT 461 \|2 stub
084			\|a DAT 675 \|2 stub
100	1		\|a Das, Ravindra \|e Verfasser \|0 (DE-588)1100570306 \|4 aut
245	1	0	\|a Testing and securing web applications \|c by Ravi Das and Greg Johnson
250			\|a First edition
264		1	\|a Boca Raton ; London ; New York \|b CRC Press \|c 2020
300			\|a 1 Online-Ressource (224 Seiten)
336			\|b txt \|2 rdacontent
337			\|b c \|2 rdamedia
338			\|b cr \|2 rdacarrier
500			\|a Cover -- Half Title -- Title Page -- Copyright Page -- Dedication -- Contents -- Acknowledgments -- About the Authors -- 1. Network Security -- Introduction -- A Chronological History of the Internet -- The Evolution of Web Applications -- The Fundamentals of Network Security - The OSI Model -- The OSI Model -- What Is the Significance of the OSI Model to Network Security? -- The Classification of Threats to the OSI Model -- The Most Probable Attacks -- Assessing a Threat to a Web Application -- Network Security Terminology -- The Types of Network Security Topologies Best Suited for Web Applications -- The Types of Attack That Can Take Place against Web Applications -- How to Protect Web Applications from DDoS Attacks -- Defending against Buffer Overflow Attacks -- Defending against IP Spoofing Attacks -- Defending against Session Hijacking -- Defending Virus and Trojan Horse Attacks -- Viruses -- How a Virus Spreads Itself -- The Different Types of Viruses -- Defending Web Applications at a Deeper Level -- The Firewall -- Types of Firewalls -- Blacklisting and Whitelisting -- How to Properly Implement a Firewall to Safeguard the Web Application -- The Use of Intrusion Detection Systems -- Understanding What a Network Intrusion Detection System Is -- Preemptive Blocking -- Anomaly Detection -- Important NIDS Processes and Subcomponents -- The Use of VPNs to Protect a Web Application Server -- The Basics of VPN Technology -- The Virtual Private Network Protocols that are Used to Secure a Web Application Server -- How PPTP Sessions are Authenticated -- How Layer 2 Tunneling Protocol (L2TP) Sessions are Authenticated -- How Password Authentication Protocol (PAP) Sessions are Authenticated -- How Shiva Password Authentication Protocol (SPAP)Sessions are Authenticated -- How Kerberos Protocol Sessions are Authenticated
500			\|a How IPSec Protocol Sessions are Authenticated -- How SSL Protocol Sessions are Authenticated -- How to Assess the Current State of Security of a Web Application Server -- Important Risk Assessment Methodologies and How They Relate to Web Application Security -- Single Loss Expectancy (SLE) -- The Annualized Loss Expectancy (ALE) -- The Residual Risk -- How to Evaluate the Security Risk that is Posed to the Web Application and its Server -- How to Conduct the Initial Security Assessment on the Web Application -- Techniques Used by Cyberattackers against the Web Application and Web Application Server -- The Techniques Used by the Cyberhacker -- Techniques Used by the Cyberattacker -- Network Security and Its Relevance for Web Apps -- Data Confidentiality -- Common Technical Layouts for Modern Web App Infrastructure -- Encrypting Data in Flight -- TLS -- Certificate -- Setting Up the Session -- Finishing the Handshake -- Site Validity -- Proving Your Web App Is What It Says It Is -- Testing Your Web App's Confidentiality and Trust -- What Kind of Trust? -- Spoofing and Related Concerns -- Conclusion -- Resources -- References -- 2. Cryptography -- An Introduction to Cryptography -- Message Scrambling and Descrambling -- Encryption and Decryption -- Ciphertexts -- Symmetric Key Systems and Asymmetric Key Systems -- The Caesar Methodology -- Types of Cryptographic Attacks -- Polyalphabetic Encryption -- Block Ciphers -- Initialization Vectors -- Cipher Block Chaining -- Disadvantages of Symmetric Key Cryptography -- The Key Distribution Center -- Mathematical Algorithms with Symmetric Cryptography -- The Hashing Function -- Asymmetric Key Cryptography -- Public Keys and Public Private Keys -- The Differences Between Asymmetric and Symmetric Cryptography -- The Disadvantages of Asymmetric Cryptography
500			\|a The Mathematical Algorithms of Asymmetric Cryptography -- The Public Key Infrastructure -- The Digital Certificates -- How the Public Key Infrastructure Works -- Public Key Infrastructure Policies and Rules -- The LDAP Protocol -- The Public Cryptography Standards -- Parameters of Public Keys and Private Keys -- How Many Servers? -- Security Policies -- Securing the Public Keys and the Private Keys -- Message Digests and Hashes -- Security Vulnerabilities of Hashes -- A Technical Review of Cryptography -- The Digital Encryption Standard -- The Internal Structure of the DES -- The Initial and Final Permutations -- The f-Function -- The Key Schedule -- The Decryption Process of the DES Algorithm -- The Reversed Key Schedule -- The Decryption in the Feistel Network -- The Security of the DES -- The Advanced Encryption Standard -- The Mathematics behind the DES Algorithm -- The Internal Structure of the AES Algorithm -- Decryption of the AES Algorithm -- Asymmetric and Public Key Cryptography -- The Mathematics behind Asymmetric Cryptography -- The RSA Algorithm -- The Use of Fast Exponentiation in the RSA Algorithm -- The Use of Fast Encryption with Shorter Public Key Exponentiation -- The Chinese Remainder Theorem (CRT) -- How to Find Large Prime Integers for the RSA Algorithm -- The Use of Padding in the RSA Algorithm -- Specific Cyberattacks on the RSA Algorithm -- The Digital Signature Algorithm -- Digital Signature Computation and Verification Process for the DSA -- The Prime Number Generation Process in the DSA -- Security Issues with the DSA -- The Elliptic Curve Digital Signature Algorithm -- The Generation of the Public Key and the Private Key Using the ECDSA Algorithm -- The Signature and the Verification Process of the ECDSA Algorithm -- The Use of Hash Functions -- The Security Requirements of Hash Functions
500			\|a A Technical Overview of Hash Function Algorithms -- Block Cipher-Based Hash Functions -- Technical Details of the Secure Hash Algorithm SHA-1 -- Key Distribution Centers -- The Public Key Infrastructure and Certificate Authority -- Resources -- 3. Penetration Testing -- Introduction -- Peeling the Onion -- True Stories -- External Testing: Auxiliary System Vulnerabilities -- Internal Testing -- Report Narrative -- Report Narrative -- Web Application Testing -- SSID Testing -- Types of Penetration Tests -- Definitions of Low, Medium, High, and Critical Findings in Penetration Testing -- Compliances and Frameworks: Pen Testing Required -- OWASP and OWASP Top Ten -- OWASP Top Ten with Commentary -- Tools of the Trade -- Pen Test Methodology -- Penetration Test Checklist for External IPs and Web Applications -- Chapter Takeaways -- Resources -- 4. Threat Hunting -- Not-So-Tall Tales -- Nation-State Bad Actors: China and Iran -- Threat Hunting Methods -- MITRE ATT&amp -- CK -- Technology Tools -- The SIEM -- EDR -- EDR + SIEM -- IDS -- When 1 + 1 + 1 = 1: The Visibility Window -- Threat Hunting Process or Model -- On Becoming a Threat Hunter -- Threat Hunting Conclusions -- Resources -- 5. Conclusions -- Index
650	0	7	\|a Programmierung \|0 (DE-588)4076370-5 \|2 gnd \|9 rswk-swf
650	0	7	\|a Softwaretest \|0 (DE-588)4132652-0 \|2 gnd \|9 rswk-swf
689	0	0	\|a Softwaretest \|0 (DE-588)4132652-0 \|D s
689	0	1	\|a Programmierung \|0 (DE-588)4076370-5 \|D s
689	0		\|5 DE-604
700	1		\|a Johnson, Greg \|e Verfasser \|4 aut
776	0	8	\|i Erscheint auch als \|n Druck-Ausgabe, Paperback \|z 978-0-367-33375-1
776	0	8	\|i Erscheint auch als \|n Druck-Ausgabe \|z 978-0-367-53271-0
912			\|a ZDB-30-PQE
943	1		\|a oai:aleph.bib-bvb.de:BVB01-032424768
966	e		\|u https://ebookcentral.proquest.com/lib/munchentech/detail.action?docID=6264923 \|l DE-91 \|p ZDB-30-PQE \|q TUM_PDA_PQE_Kauf \|x Aggregator \|3 Volltext

Datensatz im Suchindex

DE-BY-TUM_katkey	2509145
_version_	1821933279258869760
any_adam_object
author	Das, Ravindra Johnson, Greg
author_GND	(DE-588)1100570306
author_facet	Das, Ravindra Johnson, Greg
author_role	aut aut
author_sort	Das, Ravindra
author_variant	r d rd g j gj
building	Verbundindex
bvnumber	BV047017233
classification_rvk	ST 233
classification_tum	DAT 330 DAT 461 DAT 675
collection	ZDB-30-PQE
ctrlnum	(ZDB-30-PQE)EBC6264923 (OCoLC)1224014859 (DE-599)BVBBV047017233
dewey-full	005.14
dewey-hundreds	000 - Computer science, information, general works
dewey-ones	005 - Computer programming, programs, data, security
dewey-raw	005.14
dewey-search	005.14
dewey-sort	15.14
dewey-tens	000 - Computer science, information, general works
discipline	Informatik
edition	First edition
format	Electronic eBook
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>08498nam a2200517zc 4500</leader><controlfield tag="001">BV047017233</controlfield><controlfield tag="003">DE-604</controlfield><controlfield tag="005">20230817 </controlfield><controlfield tag="007">cr\|uuu---uuuuu</controlfield><controlfield tag="008">201118s2020 xx o\|\|\|\| 00\|\|\| eng d</controlfield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781000166071</subfield><subfield code="9">978-1-00-016607-1</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781003081210</subfield><subfield code="9">978-1-003-08121-0</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(ZDB-30-PQE)EBC6264923</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)1224014859</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)BVBBV047017233</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-604</subfield><subfield code="b">ger</subfield><subfield code="e">rda</subfield></datafield><datafield tag="041" ind1="0" ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-91</subfield></datafield><datafield tag="082" ind1="0" ind2=" "><subfield code="a">005.14</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">ST 233</subfield><subfield code="0">(DE-625)143620:</subfield><subfield code="2">rvk</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">DAT 330</subfield><subfield code="2">stub</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">DAT 461</subfield><subfield code="2">stub</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">DAT 675</subfield><subfield code="2">stub</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Das, Ravindra</subfield><subfield code="e">Verfasser</subfield><subfield code="0">(DE-588)1100570306</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Testing and securing web applications</subfield><subfield code="c">by Ravi Das and Greg Johnson</subfield></datafield><datafield tag="250" ind1=" " ind2=" "><subfield code="a">First edition</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Boca Raton ; London ; New York</subfield><subfield code="b">CRC Press</subfield><subfield code="c">2020</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">1 Online-Ressource (224 Seiten)</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">Cover -- Half Title -- Title Page -- Copyright Page -- Dedication -- Contents -- Acknowledgments -- About the Authors -- 1. Network Security -- Introduction -- A Chronological History of the Internet -- The Evolution of Web Applications -- The Fundamentals of Network Security - The OSI Model -- The OSI Model -- What Is the Significance of the OSI Model to Network Security? -- The Classification of Threats to the OSI Model -- The Most Probable Attacks -- Assessing a Threat to a Web Application -- Network Security Terminology -- The Types of Network Security Topologies Best Suited for Web Applications -- The Types of Attack That Can Take Place against Web Applications -- How to Protect Web Applications from DDoS Attacks -- Defending against Buffer Overflow Attacks -- Defending against IP Spoofing Attacks -- Defending against Session Hijacking -- Defending Virus and Trojan Horse Attacks -- Viruses -- How a Virus Spreads Itself -- The Different Types of Viruses -- Defending Web Applications at a Deeper Level -- The Firewall -- Types of Firewalls -- Blacklisting and Whitelisting -- How to Properly Implement a Firewall to Safeguard the Web Application -- The Use of Intrusion Detection Systems -- Understanding What a Network Intrusion Detection System Is -- Preemptive Blocking -- Anomaly Detection -- Important NIDS Processes and Subcomponents -- The Use of VPNs to Protect a Web Application Server -- The Basics of VPN Technology -- The Virtual Private Network Protocols that are Used to Secure a Web Application Server -- How PPTP Sessions are Authenticated -- How Layer 2 Tunneling Protocol (L2TP) Sessions are Authenticated -- How Password Authentication Protocol (PAP) Sessions are Authenticated -- How Shiva Password Authentication Protocol (SPAP)Sessions are Authenticated -- How Kerberos Protocol Sessions are Authenticated</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">How IPSec Protocol Sessions are Authenticated -- How SSL Protocol Sessions are Authenticated -- How to Assess the Current State of Security of a Web Application Server -- Important Risk Assessment Methodologies and How They Relate to Web Application Security -- Single Loss Expectancy (SLE) -- The Annualized Loss Expectancy (ALE) -- The Residual Risk -- How to Evaluate the Security Risk that is Posed to the Web Application and its Server -- How to Conduct the Initial Security Assessment on the Web Application -- Techniques Used by Cyberattackers against the Web Application and Web Application Server -- The Techniques Used by the Cyberhacker -- Techniques Used by the Cyberattacker -- Network Security and Its Relevance for Web Apps -- Data Confidentiality -- Common Technical Layouts for Modern Web App Infrastructure -- Encrypting Data in Flight -- TLS -- Certificate -- Setting Up the Session -- Finishing the Handshake -- Site Validity -- Proving Your Web App Is What It Says It Is -- Testing Your Web App's Confidentiality and Trust -- What Kind of Trust? -- Spoofing and Related Concerns -- Conclusion -- Resources -- References -- 2. Cryptography -- An Introduction to Cryptography -- Message Scrambling and Descrambling -- Encryption and Decryption -- Ciphertexts -- Symmetric Key Systems and Asymmetric Key Systems -- The Caesar Methodology -- Types of Cryptographic Attacks -- Polyalphabetic Encryption -- Block Ciphers -- Initialization Vectors -- Cipher Block Chaining -- Disadvantages of Symmetric Key Cryptography -- The Key Distribution Center -- Mathematical Algorithms with Symmetric Cryptography -- The Hashing Function -- Asymmetric Key Cryptography -- Public Keys and Public Private Keys -- The Differences Between Asymmetric and Symmetric Cryptography -- The Disadvantages of Asymmetric Cryptography</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">The Mathematical Algorithms of Asymmetric Cryptography -- The Public Key Infrastructure -- The Digital Certificates -- How the Public Key Infrastructure Works -- Public Key Infrastructure Policies and Rules -- The LDAP Protocol -- The Public Cryptography Standards -- Parameters of Public Keys and Private Keys -- How Many Servers? -- Security Policies -- Securing the Public Keys and the Private Keys -- Message Digests and Hashes -- Security Vulnerabilities of Hashes -- A Technical Review of Cryptography -- The Digital Encryption Standard -- The Internal Structure of the DES -- The Initial and Final Permutations -- The f-Function -- The Key Schedule -- The Decryption Process of the DES Algorithm -- The Reversed Key Schedule -- The Decryption in the Feistel Network -- The Security of the DES -- The Advanced Encryption Standard -- The Mathematics behind the DES Algorithm -- The Internal Structure of the AES Algorithm -- Decryption of the AES Algorithm -- Asymmetric and Public Key Cryptography -- The Mathematics behind Asymmetric Cryptography -- The RSA Algorithm -- The Use of Fast Exponentiation in the RSA Algorithm -- The Use of Fast Encryption with Shorter Public Key Exponentiation -- The Chinese Remainder Theorem (CRT) -- How to Find Large Prime Integers for the RSA Algorithm -- The Use of Padding in the RSA Algorithm -- Specific Cyberattacks on the RSA Algorithm -- The Digital Signature Algorithm -- Digital Signature Computation and Verification Process for the DSA -- The Prime Number Generation Process in the DSA -- Security Issues with the DSA -- The Elliptic Curve Digital Signature Algorithm -- The Generation of the Public Key and the Private Key Using the ECDSA Algorithm -- The Signature and the Verification Process of the ECDSA Algorithm -- The Use of Hash Functions -- The Security Requirements of Hash Functions</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">A Technical Overview of Hash Function Algorithms -- Block Cipher-Based Hash Functions -- Technical Details of the Secure Hash Algorithm SHA-1 -- Key Distribution Centers -- The Public Key Infrastructure and Certificate Authority -- Resources -- 3. Penetration Testing -- Introduction -- Peeling the Onion -- True Stories -- External Testing: Auxiliary System Vulnerabilities -- Internal Testing -- Report Narrative -- Report Narrative -- Web Application Testing -- SSID Testing -- Types of Penetration Tests -- Definitions of Low, Medium, High, and Critical Findings in Penetration Testing -- Compliances and Frameworks: Pen Testing Required -- OWASP and OWASP Top Ten -- OWASP Top Ten with Commentary -- Tools of the Trade -- Pen Test Methodology -- Penetration Test Checklist for External IPs and Web Applications -- Chapter Takeaways -- Resources -- 4. Threat Hunting -- Not-So-Tall Tales -- Nation-State Bad Actors: China and Iran -- Threat Hunting Methods -- MITRE ATT&amp -- CK -- Technology Tools -- The SIEM -- EDR -- EDR + SIEM -- IDS -- When 1 + 1 + 1 = 1: The Visibility Window -- Threat Hunting Process or Model -- On Becoming a Threat Hunter -- Threat Hunting Conclusions -- Resources -- 5. Conclusions -- Index</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Programmierung</subfield><subfield code="0">(DE-588)4076370-5</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Softwaretest</subfield><subfield code="0">(DE-588)4132652-0</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="689" ind1="0" ind2="0"><subfield code="a">Softwaretest</subfield><subfield code="0">(DE-588)4132652-0</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="1"><subfield code="a">Programmierung</subfield><subfield code="0">(DE-588)4076370-5</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2=" "><subfield code="5">DE-604</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Johnson, Greg</subfield><subfield code="e">Verfasser</subfield><subfield code="4">aut</subfield></datafield><datafield tag="776" ind1="0" ind2="8"><subfield code="i">Erscheint auch als</subfield><subfield code="n">Druck-Ausgabe, Paperback</subfield><subfield code="z">978-0-367-33375-1</subfield></datafield><datafield tag="776" ind1="0" ind2="8"><subfield code="i">Erscheint auch als</subfield><subfield code="n">Druck-Ausgabe</subfield><subfield code="z">978-0-367-53271-0</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-30-PQE</subfield></datafield><datafield tag="943" ind1="1" ind2=" "><subfield code="a">oai:aleph.bib-bvb.de:BVB01-032424768</subfield></datafield><datafield tag="966" ind1="e" ind2=" "><subfield code="u">https://ebookcentral.proquest.com/lib/munchentech/detail.action?docID=6264923</subfield><subfield code="l">DE-91</subfield><subfield code="p">ZDB-30-PQE</subfield><subfield code="q">TUM_PDA_PQE_Kauf</subfield><subfield code="x">Aggregator</subfield><subfield code="3">Volltext</subfield></datafield></record></collection>
id	DE-604.BV047017233
illustrated	Not Illustrated
indexdate	2024-12-20T19:07:25Z
institution	BVB
isbn	9781000166071 9781003081210
language	English
oai_aleph_id	oai:aleph.bib-bvb.de:BVB01-032424768
oclc_num	1224014859
open_access_boolean
owner	DE-91 DE-BY-TUM
owner_facet	DE-91 DE-BY-TUM
physical	1 Online-Ressource (224 Seiten)
psigel	ZDB-30-PQE ZDB-30-PQE TUM_PDA_PQE_Kauf
publishDate	2020
publishDateSearch	2020
publishDateSort	2020
publisher	CRC Press
record_format	marc
spellingShingle	Das, Ravindra Johnson, Greg Testing and securing web applications Programmierung (DE-588)4076370-5 gnd Softwaretest (DE-588)4132652-0 gnd
subject_GND	(DE-588)4076370-5 (DE-588)4132652-0
title	Testing and securing web applications
title_auth	Testing and securing web applications
title_exact_search	Testing and securing web applications
title_full	Testing and securing web applications by Ravi Das and Greg Johnson
title_fullStr	Testing and securing web applications by Ravi Das and Greg Johnson
title_full_unstemmed	Testing and securing web applications by Ravi Das and Greg Johnson
title_short	Testing and securing web applications
title_sort	testing and securing web applications
topic	Programmierung (DE-588)4076370-5 gnd Softwaretest (DE-588)4132652-0 gnd
topic_facet	Programmierung Softwaretest
work_keys_str_mv	AT dasravindra testingandsecuringwebapplications AT johnsongreg testingandsecuringwebapplications

Verfügbarkeit

Bestellen (Login erforderlich)

Online lesen