Hacking Exposed Web Applications 3rd Edition | eBook

INTRODUCTION

Way back in 1999, the first edition of Hacking Exposed introduced many people to the ease with which computer networks and systems are broken into. Although there are still many today who are not enlightened to this reality, large numbers are beginning to understand the necessity for firewalls, secure operating system configuration, vendor patch maintenance, and many other previously arcane fundamentals of information system security.

Unfortunately, the rapid evolution brought about by the Internet has already pushed the goalposts far upfield. Firewalls, operating system security, and the latest patches can all be bypassed with a simple attack against a web application. Although these elements are still critical components of any security infrastructure, they are clearly powerless to stop a new generation of attacks that are increasing in frequency and sophistication all the time.

Don’t just take our word for it. Gartner Group says 75 percent of hacks are at the web app level and that, out of 300 audited sites, 97 percent are vulnerable to attack. The WhiteHat Website Security Statistics Report, Fall 2009, says 83 percent of web sites have had at least one serious vulnerability, 64 percent of web sites currently have at least one, and found a 61 percent vulnerability resolution-rate with 8,902 unresolved issues remaining (sample size: 1,364 sites). Headlines for devastating attacks are now commonplace: the Identity Theft Resource Center, ITRC, says there have been at least 301 security breaches resulting in the exposure of more than 8.2 million records throughout the first six months of 2010. The estimated total number of sensitive digital records compromised by security breaches is climbing to stratospheric heights: over 900 million records alone from the sample of over 900 breaches across 6 trailing years in the Verizon Business 2010 Data Breach Investigations Report.

We cannot put the horse of Internet commerce back in the barn and shut the door. There is no other choice left but to draw a line in the sand and defend the positions staked out in cyberspace by countless organizations and individuals. For anyone who has assembled even the most rudimentary web site, you know this is a daunting task. Faced with the security limitations of existing protocols like HTTP, as well as the ever-accelerating pace of technological change, including XML Web Services.

▼ 1 Hacking Web Apps 101
▼ 2 Profiling
▼ 3 Hacking Web Platforms
▼ 4 Attacking Web Authentication
▼ 5 Attacking Web Authorization
▼ 6 Input Injection Attacks
▼ 7 Attacking XML Web Services
▼ 8 Attacking Web Application Management
▼ 9 Hacking Web Clients
▼ 10 The Enterprise Web Application Security Program
▼ A Web Application Security Checklist
▼ B Web Hacking Tools and Techniques Cribsheet
▼ Index


Happy learning!
