Warenkorb
€ 0,00 0 Buch dabei,
portofrei

Innocent Code

von Huseby
3:B&W 7. 5 x 9. 25 in or 235 x 191 mm Perfect Bound on White w/Gloss Lam. Sprache: Englisch.
Taschenbuch
Ihr 12%-Rabatt auf alle Spielwaren, Hörbücher, Filme, Musik u.v.m
 
12% Rabatt sichern mit Gutscheincode: KINDER12
 
* This concise and practical book shows where code vulnerabilities lie-without delving into the specifics of each system architecture, programming or scripting language, or application-and how best to fix them * Based on real-world situations taken f… weiterlesen
Taschenbuch

50,99*

inkl. MwSt.
Portofrei
Lieferbar innerhalb von zwei bis drei Werktagen
Innocent Code als Taschenbuch

Produktdetails

Titel: Innocent Code
Autor/en: Huseby

ISBN: 0470857447
EAN: 9780470857441
3:B&W 7. 5 x 9. 25 in or 235 x 191 mm Perfect Bound on White w/Gloss Lam.
Sprache: Englisch.
John Wiley & Sons

22. Januar 2004 - kartoniert - 248 Seiten

Beschreibung

* This concise and practical book shows where code vulnerabilities lie-without delving into the specifics of each system architecture, programming or scripting language, or application-and how best to fix them * Based on real-world situations taken from the author's experiences of tracking coding mistakes at major financial institutions * Covers SQL injection attacks, cross-site scripting, data manipulation in order to bypass authorization, and other attacks that work because of missing pieces of code * Shows developers how to change their mindset from Web site construction to Web site destruction in order to find dangerous code

Inhaltsverzeichnis

Foreword.
Acknowledgments.
Introduction.
I.1 The Rules.
I.2 The Examples.
I.3 The Chapters.
I.4 What is Not in this Book?
I.5 A Note From the Author.
I.6 Feedback.
1. The Basics.
1.1 HTTP.
1.2 Sessions.
1.3 HTTPS.
1.4 Summary.
1.5 Do You Want to Know More?
2. Passing Data to Subsystems.
2.1 SQL Injection.
2.2 Shell Command Injection.
2.3 Talking to Programs Written in C/C++.
2.4 The Evil Eval.
2.5 Solving Metacharacter Problems.
2.6 Summary.
3. User Input.
3.1 What is Input Anyway?
3.2 Validating Input.
3.3 Handling Invalid Input.
3.4 The Dangers of Client-side Validation.
3.5 Authorization Problems.
3.6 Protecting Server-generated Input.
3.7 Summary.
4. Output Handling: The Cross-site Scripting Problem.
4.1 Examples.
4.2 The Problem.
4.3 The Solution.
4.4 Browser Character Sets.
4.5 Summary.; 4.6 Do You Want to Know More?
5. Web Trojans.
5.1 Examples.
5.2 The Problem.
5.3 A Solution.
5.4 Summary.
6. Passwords and Other Secrets.
6.1 Crypto-stuff.
6.2 Password-based Authentication.
6.3 Secret Identifiers.
6.4 Secret Leakage.
6.5 Availability of Server-side Code.
6.6 Summary.
6.7 Do You Want to Know More?
7. Enemies of Secure Code.
7.1 Ignorance.
7.2 Mess.
7.3 Deadlines.
7.4 Salesmen.
7.5 Closing Remarks.
7.6 Do You Want to Know More?
8. Summary of Rules for Secure Coding.
Appendix A: Bugs in the Web Server.
Appendix B: Packet Sniffing.
Appendix C: Sending HTML Formatted E-mails with Forged Sender Address.
Appendix D: More Information.
Acronyms.
References.
Index.

Portrait

Sverre Huseby runs his own company selling courses and consultancy services in Web application security. He's an active participant on webappsec mail forum.

Pressestimmen

"...the security book that all web developers need to read...sound advice...ignore at peril..." (Tech Book Report, January 2004)
"...achieves its aims admirably..." (PC Utilities, April 2004)
Servicehotline
089 - 70 80 99 47

Mo. - Fr. 8.00 - 20.00 Uhr
Sa. 10.00 - 20.00 Uhr
Filialhotline
089 - 30 75 75 75

Mo. - Sa. 9.00 - 20.00 Uhr
Bleiben Sie in Kontakt:
Sicher & bequem bezahlen:
akzeptierte Zahlungsarten: Überweisung, offene Rechnung,
Visa, Master Card, American Express, Paypal
Zustellung durch:
* Alle Preise verstehen sich inkl. der gesetzlichen MwSt. Informationen über den Versand und anfallende Versandkosten finden Sie hier.
** im Vergleich zum dargestellten Vergleichspreis.