XSS Attacks: Cross Site Scripting Exploits and Defense
Syngress, 23.05.2007 - 448 pages
A cross site scripting attack is a very specific type of attack on a web application. It is used by hackers to mimic real sites and fool people into providing personal data. XSS Attacks starts by defining the terms and laying out the groundwork. It assumes that the reader is familiar with basic web programming (HTML) and JavaScript. First it discusses the concepts, methodology, and technology that make XSS a valid concern. It then moves into the various types of XSS attacks, how they are implemented, used, and abused. After XSS is thoroughly explored, the next part provides examples of XSS malware and demonstrates real cases where XSS is a dangerous risk that exposes internet users to remote access, sensitive data theft, and monetary losses. Finally, the book closes by examining the ways developers can avoid XSS vulnerabilities in their web applications, and how users can avoid becoming a victim. The audience is web developers, security practitioners, and managers.
Contents
Chapter 2 The XSS Discovery Toolkit
Chapter 3 XSS Theory
Chapter 4 XSS Attack Methods
Chapter 5 Advanced XSS Attack Vectors
Chapter 6 XSS Exploited
Chapter 7 Exploit Frameworks
Chapter 8 XSS Worms
Chapter 9 Preventing XSS Attacks
Appendix A The Owned List
Other editions
XSS Attacks: Cross Site Scripting Exploits and Defense, by Seth Fogie, Jeremiah Grossman, Robert Hansen, Anton Rager, Petko D. Petkov. Limited preview - 2011