|
 |
|
 |
 |
Hack Proofing Your Web Applications
|
by Ryan Russell
Sales Rank: 2463149
|
List Price: $19.98
$19.98
At Amazon
|
|
Do you have the free reader for this item?
|
Format: Adobe Reader PDFPrintable: Yes. This title is printableMac OS Compatible: OS 9.x or laterWindows Compatible: YesHandheld Compatible: Yes. Adobe Reader is available for PalmOS, Pocket PC, and Symbian OS.
File Size: 7759 KB
Digital: 625 pages
Publisher: SYNGRESS; 1 edition May 15, 2001
Also Available in:
Paperback
1
Product Description
As a developer, the best possible way to focus on security is to begin to think like a hacker. Examine the methods that hackers use to break into and attack Web sites and use that knowledge to prevent attacks. You already test your code for functionality; one step further is to test it for security-attempt to break into it by finding some hole that you may have unintentionally left in.
About The Author
Julie Traxler is a Senior Software Tester for an Internet software company. During her career, Julie has worked for such organizations as DecisionOne, EXE Technologies, and TV Guide. She has held several positions including Project Manager, Business Analyst, and Technical Writer and has specialized in software systems analysis and design. During her tenure at several organizations, Julie has worked to provide a starting point for software quality assurance and has helped to build QA teams and implement testing processes and strategies. The testing plans she has developed include testing for functionality, usability, requirements, acceptance, release, regression, security, integrity, and performance.
Jeff Forristal is the Lead Security Developer for Neohapsis, a Chicago-based security solution/consulting firm. Apart from assisting in network security assessments and application security reviews (including source code review), Jeff is the driving force behind Security Alert Consensus, a joint security alert newsletter published on a weekly basis by Neohapsis, Network Computing, and the SANS Institute.
Kevin Ziese is a Computer Scientist at Cisco Systems, Inc. Prior to joining Cisco he was a Senior Scientist and Founder of the Wheelgroup Corporation, which was acquired by Cisco Systems in April of 1998. Prior to starting the Wheelgroup Corporation, he was Chief of the Advanced Countermeasures Cell at the Air Force Information Warfare Center.
--This text refers to an out of print or unavailable edition of this title.
Customer Reviews & Comments
This review is from: Hack Proofing Your Web Applications (Paperback)
I'm working on a presentation on Web Application Security, and Ipicked up this text as a reference. What a mistake! The text isvague, poorly formatted and rife with errors. Just one example:p. 131 shows a sample CGI script for submitting comments toFreeBSD.org. First of all, the screenshot references a page thatdoesn't exist, tarnishing FreeBSD for no good reason. Secondly, thePerl CGI script doesn't set PATH, doesn't use taint, and doesn't checkexit values. Third, the form uses a hidden field for the submitaddress -- making it a juicy spam tool since the user could simplyreplace "mcross@freebsd.org" with any address she chooses. And Icould go on and on with just that one script. Othergripes: p. 465, "SSL makes the man-in-the-middle attack fail".Wrong. ... How about this: The authors refer to Perl as the"Practical Extraction and Reporting Language." (p. 151, p. 223) Arethey trying to impress newbies? SSL & PKI: only 20 pages of 565are devoted to SSL & PKI, and those are mostly screen shots of WindowsMMC. I'm not picking nits here, just citing examples thatparticularly irk me while flipping through it. The author seems tohave little to say about Securing Web Applications, so he rambles onwith useless background and repeats himself often. This might beuseful had it been edited down to 100 pages. I recommend Garfinkeland Spafford's 'Web Security, Privacy & Commerce,' however Forristaldoes minimally discuss ASP, which Garfinkel and Spafford neglect.Also, Forristal has some interesting ideas for code review. ...
|
Hack Proofing Your Web Applications
List Price: $19.98
Available from Amazon
Price: $19.98
| |
|
|
|
|
