وبلاگ بلیان

راهنمای مدیر برای امنیت برنامه‌های وب: راهنمای مختصر برای نقاط ضعف وب

The Manager's Guide to Web Application Security : A Concise Guide to the Weaker Side of the Web

جلد کتاب راهنمای مدیر برای امنیت برنامه‌های وب: راهنمای مختصر برای نقاط ضعف وب

معرفی کتاب «راهنمای مدیر برای امنیت برنامه‌های وب: راهنمای مختصر برای نقاط ضعف وب» (با عنوان لاتین The Manager's Guide to Web Application Security : A Concise Guide to the Weaker Side of the Web) نوشتهٔ Ron Lepofsky، منتشرشده توسط نشر Apress : Imprint: Apress در سال 2014. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.

__The Manager's Guide to Web Application Security__ is a concise, information-packed guide to application security risks every organization faces, written in plain language, with guidance on how to deal with those issues quickly and effectively. Often, security vulnerabilities are difficult to understand and quantify because they are the result of intricate programming deficiencies and highly technical issues. Author and noted industry expert Ron Lepofsky breaks down the technical barrier and identifies many real-world examples of security vulnerabilities commonly found by IT security auditors, translates them into business risks with identifiable consequences, and provides practical guidance about mitigating them. __The Manager's Guide to Web Application Security__ describes how to fix and prevent these vulnerabilities in easy-to-understand discussions of vulnerability classes and their remediation. For easy reference, the information is also presented schematically in Excel spreadsheets available to readers for free download from the publisher’s digital annex. The book is current, concise, and to the point—which is to help managers cut through the technical jargon and make the business decisions required to find, fix, and prevent serious vulnerabilities. Fully Automated TestingManual Testing; Combining Automated and Manual Testing; Penetration Testing; Postremediation Testing; Important Report Deliverables for All Testing Reports; Summary; Chapter 3: Web Application Vulnerabilities and the Damage They Can Cause; Lack of Sufficient Authentication; Weak Password Controls; Passwords Submitted Without Encryption; Username Harvesting; Weak Session Management; Weak SSL Ciphers Support; Information Submitted Using the GET Method; Self-Signed Certificates, Insecure Keys, and Passwords; Username Harvesting Applied to Forgotten Password Process Temporary Files Left in the EnvironmentInternal IP Address Revealed by Web Server; Server Path Disclosed; Hidden Directory Detected; Unencrypted VIEWSTATE; Obsolete Web Server; Query Parameter in SSL Request; Error Handling; Cross-Site Scripting Attacks; Reflected Cross-Site Scripting Attack; Stored Cross-Site Scripting Attack; Cross-Site Request Forgery Attack; Security Misconfigurations and Use of Known Vulnerable Components; Denial-of-Service Attack; Related Security Issues; Storage of Data at Rest; Storage of Account Lists; Password Storage; Insufficient Patch Management; Summary Lack of Validated Input Allowing Automatic Script ExecutionUnauthorized Access by Parameter Manipulation; Buffer Overflows; Forms Submitted Using the GET Method; Redirects and Forwards to Insecure Sites; Application Susceptible to Brute-Force Attacks; Client-Side Enforcement of Server-Side Security; Injection Flaws; SQL Injection; Blind SQL Injection; Link Injection; HTTP Header Injection Vulnerability; HTTP Response-Splitting Attack; Unauthorized View of Data; Web Application Source Code Disclosure; Web Directories Enumerated; Active Directory Object Default Page on Server Autocomplete Enabled on Password FieldsSession IDs Nonrandom and Too Short; Weak Access Control; Frameable Response (Clickjacking); Cached HTTPS Response; Sensitive Information Disclosed in HTML Comments; HTTP Server Type and Version Number Disclosed; Insufficient Session Expiration; HTML Does Not Specify Charset; Session Fixation; Insecure Cookies; Cookies with No Secure Flag; Cookies Set to Expire in the Distant Future; Cookies with No HttpOnly Flag; Cookies Created on the Client Side; Cookies Scoped to a Parent Domain; Weak Input Validation at the Application Level Ron Lepofsky. Find, Fix, And Prevent Vulnerablilities In Web Applications. Includes Index. Chapter 4: Web Application Vulnerabilities and Countermeasures
دانلود کتاب راهنمای مدیر برای امنیت برنامه‌های وب: راهنمای مختصر برای نقاط ضعف وب