Web Application Defender’s Cookbook
- Length: 552 pages
- Edition: 1
- Language: English
- Publisher: Wiley
- Publication Date: 2012-12-10
- ISBN-10: 1118362187
- ISBN-13: 9781118362181
- Sales Rank: #667936
Web Application Defender’s Cookbook: Battling Hackers and Protecting Users
Defending your web applications against hackers and attackers
The top-selling book Web Application Hacker’s Handbook showed how attackers and hackers identify and attack vulnerable live web applications. This new Web Application Defender’s Cookbook is the perfect counterpoint to that book: it shows you how to defend. Authored by a highly credentialed defensive security expert, this new book details defensive security methods and can be used as courseware for training network security personnel, web server administrators, and security consultants.
Each “recipe” shows you a way to detect and defend against malicious behavior and provides working code examples for the ModSecurity web application firewall module. Topics include identifying vulnerabilities, setting hacker traps, defending different access points, enforcing application flows, and much more.
- Provides practical tactics for detecting web attacks and malicious behavior and defending against them
- Written by a preeminent authority on web application firewall technology and web application defense tactics
- Offers a series of “recipes” that include working code examples for the open-source ModSecurity web application firewall module
Find the tools, techniques, and expert information you need to detect and respond to web application attacks with Web Application Defender’s Cookbook: Battling Hackers and Protecting Users.
Table of Contents
I Preparing the Battle Space
1 Application Fortification
2 Vulnerability Identification and Remediation
3 Poisoned Pawns (Hacker Traps)
II Asymmetric Warfare
4 Reputation and Third-Party Correlation
5 Request Data Analysis
6 Response Data Analysis
7 Defending Authentication
8 Defending Session State
9 Preventing Application Attacks
10 Preventing Client Attacks
11 Defending File Uploads
12 Enforcing Access Rate and Application Flows
III Tactical Response
13 Passive Response Actions
14 Active Response Actions
15 Intrusive Response Actions