The Web Application Hackers Handbook

Only by understanding how an attacker thinks can you truly secure your IT systems. This comprehensive handbook is the key. The security professionals working with bestselling author Michael Kofler provide you with all the know-how you need to protect your infrastructures from attacks – practical examples and concrete scenarios included. From securing Active Directory to using Kali Linux, from searching for exploits to hardening web servers: Here you will become a security expert! Fully updated, with new chapters on IT forensics and intrusion detection systems.


1,200 pages, hardcover, 77 mm. Foreword by Sebastian Schreiber. Manual size 16.8 x 24 cm. Printed in black and white on wood-free 90g offset paper. Reader-friendly serif typeface (The AntiquaB 9.3 pt.). Single column layout. Extensive index. Downloadable e-book in PDF (51 MB), EPUB (31 MB), and MOBI/Kindle for Kindle readers (74 MB) formats, and as an online book. Files are DRM-free, with personalized digital signature. Printing, copy & paste, and comments are allowed. Illustrations in color. Table of contents, index and references in the text are linked. Additional e-book information: https://www.rheinwerk-verlag.de/e-books/ No materials are available for the current edition.

“Hacking and IT security need to be thought of together – after all, you can’t stand on one leg.”

Dr. Michael Kofler is one of the most renowned IT authors in the German-speaking world. He also works as an administrator, software developer and as a lecturer at a university of applied sciences. Dr. Klaus Gebeshuber is professor for IT security at the FH JOANNEUM in Kapfenberg (Austria). His focus is on network security, industrial security, security analysis and penetration testing. Peter Kloep is an outstanding expert for secure Windows infrastructures in the German-speaking area. Dipl.-Ing. (FH) Frank Neugebauer looks back on many years of service as an officer in the German Federal Armed Forces. André Zingsheim works as a senior security consultant at TÜV TRUST IT GmbH. In addition to technical security analyses and penetration tests of IT systems and infrastructures, he is intensively involved in the security of mobile devices. Thomas Hackner is Senior Security Consultant and Managing Director of the company HACKNER Security Intelligence GmbH, which he founded in 2010 after completing his studies in Secure Information Systems in Hagenberg, Upper Austria. Markus Widl has been working as a consultant, developer and trainer in IT for about 20 years. His focus is on cloud technologies such as Office 365 and Azure. Roland Aigner is an expert for secure IoT infrastructures. He developed firmware and software in medical in-vitro diagnostics, is a co-author in the Bluetooth SIG as well as a founding member of the NFC Forum, where he focused specifically on ticketing and communication security. Stefan Kania has been working as a freelance consultant and trainer since 1997. His focus is on the secure implementation of Samba and LDAP as well as on training courses on both topics. Tobias Scheible is a research assistant at the Albstadt-Sigmaringen University of Applied Sciences. 
There he works at the Institute for Scientific Continuing Education (IWW) as a lecturer in the university certificate program and teaches in-service modules in the areas of network security, Internet technologies and IT forensics. Dr. Matthias Wübbeling is an IT security enthusiast, scientist, author, entrepreneur, consultant and speaker.

  • 578 pages, 2018, paperback. Rheinwerk Computing, ISBN 978-3-8362-4460-2
  • 578 pages, 2018. E-book formats: PDF, EPUB, MOBI/Kindle, Online. Rheinwerk Computing, ISBN 978-3-8362-4461-9
  • 578 pages, 2018, paperback. E-book formats: PDF, EPUB, MOBI/Kindle, Online. Rheinwerk Computing, ISBN 978-3-8362-5480-9
  • 578 pages, 2018. E-book formats: PDF, EPUB, MOBI/Kindle, Online. Rheinwerk Computing, ISBN 978-3-8362-5481-6

Your web applications and websites offer hackers numerous hidden gateways. This practical guide shows you which attack vectors your adversaries use and how to protect your applications from web hacking and malware. Security expert Carsten Eilers introduces you to the techniques used by hackers and cybercriminals. With this knowledge, you will be one step ahead of your attackers. Learn how to check your web applications for known vulnerabilities such as authentication problems, SQL injections and cross-site scripting, as well as attacks against the architecture of your web app. Benefit from annotated code samples of real malware and use the included sample application to test attack vectors and find bugs. How to protect yourself effectively against web hacking!

  • Detect and close security holes in web applications
  • Analyze code, run through practical scenarios, understand backgrounds
  • For penetration testers and developers

578 pages, paperback, 32 mm. Flexible manual format 19 x 24 cm. Black and white printed on woodfree 90g offset paper. Reader-friendly serif font (The AntiquaB 9.3 pt.). Single column layout. Downloadable e-book in PDF (17 MB), EPUB (11 MB), and MOBI/Kindle (19 MB) formats, and as an online book. Files are DRM-free, with personalized digital signature. Printing, copy & paste, and comments are allowed. With illustrations and syntax highlighting in color. Table of contents, index, and references are linked. More information about the e-book.

  • Demo application and additional material: In this archive you will find the accompanying material to the book. Unzip the file to the root directory of your web server. Go to the /hacking-index.html page to get to the demo app and further explanations. Since we include the malicious code of some older worms, your virus scanner should alert you when unpacking the file. Please configure an appropriate exception when downloading the archive.

From the contents

  1. Find vulnerabilities

    Many convenient functions hide potential security vulnerabilities. See your web application through the eyes of the attacker and learn how to test and secure apps.

  2. Securing apps

    Real-world tips help you secure your web app development. You’ll easily play through different attack vectors on a demo application.

  3. Understand the background

    What impact does hosting have on security? Why can resetting a password be a security issue and how did worms like Samy and Yamanner actually work? With this knowledge, you’ll be one step ahead of attackers.

From the contents

  • These are the vulnerabilities you need to know about: The OWASP Top 10
  • Test environment, tools and resources
  • Exploring targets, gathering intelligence
  • State-based attacks: cookies, URLs, sessions
  • Authentication, password security, hashes
  • Cross Site Scripting: Reflected, Persistent, DOM-based XSS
  • SQL injections
  • Other injections: OS code, XPATH, SOAP, SMTP, LDAP
  • Directory Traversal
  • Basics: Buffer overflows, format strings and more
  • Architecture issues
  • Attacks on web servers


“Small mistakes in developing a web application can lead to big vulnerabilities! So take precautions and learn how to do it right.”

Carsten Eilers (Dipl.-Inf.) is a pen tester and security coach. He has successfully implemented numerous projects in the field of IT security and technical data protection.

