Book Description

While many resources for network and IT security are available, detailed knowledge regarding modern web application security has been lacking—until now. This practical guide provides both defensive and offensive security concepts that software engineers can easily learn and apply.

Andrew Hoffman, a product security lead at Salesforce.com, introduces three pillars of web application security: recon, offense, and defense. You’ll learn methods for effectively researching and analyzing modern web applications—including those you don’t have direct access to. You’ll also learn how to apply countermeasures to your own applications in order to prevent or mitigate risk from hackers.

Ideal as a reference guide or educational text, this book helps you:

  • Explore common vulnerabilities that plague today's web applications
  • Learn essential hacking techniques that attackers use for exploiting applications
  • Map and document web applications for which you do not have direct access
  • Hack your application by applying the OWASP 10 exploits and other attacks
  • Learn how to code your application to protect against the attacks you’ve identified
  • Get practical tips to help you improve the overall security of your web products
  • Develop and deploy your own customized exploits that can bypass many defenses

Table of Contents

  1. Preface
    1. Prerequisite Knowledge and Learning Goals
    2. Target Audience
    3. Who Benefits Most From Reading This Book?
      1. Software Engineers and Web Application Developers
      2. Security Engineers, Pen Testers & Bug Bounty Hunters
    4. How Is This Book Organized?
      1. Recon
      2. Why Is Recon Important?
      3. Offense
      4. Vulnerabilities Considered in Depth
      5. Defense
      6. Trade-off Evaluation
    5. Language and Terminology
    6. Summary
    7. Conventions Used in This Book
    8. Using Code Examples
    9. O’Reilly
    10. How to Contact Us
    11. Acknowledgments
  2. 1. The History of Software Security
    1. The Origins of Hacking
    2. The Enigma Machine, Circa 1930
    3. Automated Enigma Code Cracking, Circa 1940
      1. Introducing the “Bombe”
    4. Telephone “Phreaking”, Circa 1950
    5. Anti-Phreaking Technology, Circa 1960
    6. The Origins of Computer Hacking, Circa 1980
    7. The Rise of the World Wide Web, Circa 2000
    8. Hackers in the Modern Era, Circa 2015+
    9. Summary
  3. I. Recon
  4. 2. Introduction to Web Application Reconnaissance
    1. Information Gathering
    2. Web Application Mapping
    3. Summary
  5. 3. The Structure of a Modern Web Application
    1. Modern Versus Legacy Web Applications
    2. REST API’s
    3. JavaScript Object Notation (JSON)
    4. JavaScript
      1. Variables and Scope
      2. Functions and Context
      3. Prototypal Inheritance
      4. Asynchrony
      5. Browser DOM
    5. SPA Frameworks
    6. Authentication and Authorization Systems
      1. Authentication
      2. Authorization
    7. Web Servers
    8. Server-Side Databases
    9. Client-Side Data Stores
    10. Summary
  6. 4. Finding Subdomains
    1. Multiple Applications Per Domain
    2. The Browser’s Built-In Network Analysis Tools
    3. Taking Advantage of Public Records
      1. Search Engine Caches
      2. Accidental Archives
      3. Social Snapshots
    4. Zone Transfer Attacks
    5. Brute Forcing Subdomains
    6. Dictionary Attacks
    7. Summary
  7. 5. API Analysis
    1. Endpoint Discovery
    2. Authentication Mechanisms
    3. Endpoint Shapes
      1. Common Shapes
      2. Application Specific Shapes
    4. Summary
  8. 6. Identifying Third Party Dependencies
    1. Detecting Client Side Frameworks
      1. Detecting SPA Frameworks
      2. Detecting JavaScript Libraries
      3. Detecting CSS Libraries
    2. Detecting Server Side Frameworks
      1. Header Detection
      2. Default Error Messages & 404 Pages
      3. Database Detection
    3. Summary
  9. 7. Identifying Weak Points in Application Architecture
    1. Secure Versus Insecure Architecture Signals
    2. Multiple Layers of Security
    3. Adoption and Re-Invention
    4. Summary
  10. 8. Summary
  11. II. Offense
  12. 9. Introduction to Hacking Web Applications
    1. The Hacker’s Mindset
    2. Applied Recon
  13. 10. Cross Site Scripting (XSS)
    1. XSS Discovery and Exploitation
    2. Stored XSS
    3. Reflected XSS
    4. DOM-Based XSS
    5. Mutation-based XSS
    6. Summary
  14. 11. Cross-Site Request Forgery (CSRF)
    1. Query Parameter Tampering
    2. Alternate GET Payloads
    3. CSRF Against POST Endpoints
    4. Summary
  15. 12. XML External Entity (XXE)
    1. Direct XXE
    2. Indirect XXE
    3. Summary
  16. 13. Injection
    1. SQL Injection
    2. Code Injection
    3. Command Injection
    4. Summary
  17. 14. Denial of Service (DoS)
    1. Regex DoS (ReDoS)
    2. Logical DoS Vulnerabilities
    3. Distributed DoS (DDoS)
    4. Summary
  18. 15. Exploiting Third Party Dependencies
    1. Methods of Integration
      1. Branches and Forks
      2. Self Hosted Application Integrations
      3. Source Code Integration
    2. Package Managers
      1. JavaScript
      2. Java
      3. Other Languages
    3. Common Vulnerabilities and Exposures (CVE) Databases
    4. Summary
  19. 16. Summary
  20. III. Defense
  21. 17. Securing Modern Web Applications
    1. Defensive Software Architecture
    2. Comprehensive Code Reviews
    3. Vulnerability Discovery
    4. Vulnerability Analysis
    5. Vulnerability Management
    6. Regression Testing
    7. Mitigation Strategies
    8. Applied Recon and Offense Techniques
  22. 18. Secure Application Architecture
    1. Analyzing Feature Requirements
    2. Authentication & Authorization
      1. Secure Sockets Layer (SSL) & Transport Layer Security (TLS)
      2. Secure Credentials
      3. Hashing Credentials
      4. 2FA
    3. PII + Financial Data
    4. Searching
    5. Summary
  23. 19. Reviewing Code for Security
    1. How to Start a Code Review
    2. Archetypical Vulnerabilities Versus Custom Logic Bugs
    3. Where to Start a Security Review
    4. Secure-Coding Anti-Patterns
      1. Blacklists
      2. Boilerplate Code
      3. Trust-By-Default Anti-Pattern
      4. Client/Server Separation
    5. Summary
  24. 20. Vulnerability Discovery
    1. Security Automation
      1. Static Analysis
      2. Dynamic Analysis
      3. Vulnerability Regression Testing
    2. Responsible Disclosure Programs
    3. Bug Bounty Programs
    4. Third Party Penetration Testing
    5. Summary
  25. 21. Vulnerability Management
    1. Reproducing Vulnerabilities
    2. Ranking Vulnerability Severity
    3. Common Vulnerability Scoring System (CVSS)
      1. CVSS: Base Scoring
      2. CVSS: Temporal Scoring
      3. CVSS: Environmental Scoring
    4. Advanced Vulnerability Scoring
    5. Beyond Triage and Scoring
    6. Summary
  26. 22. Defending against XSS Attacks
    1. Anti-XSS Coding Best Practices
    2. Sanitizing User Input
      1. DOMParser Sink
      2. SVG Sink
      3. Blob Sink
      4. Sanitizing Hyperlinks
      5. HTML Entity Encoding
    3. CSS
    4. Content Security Policy (CSP) for XSS Prevention
      1. Script Source
      2. Unsafe Eval and Unsafe Inline
      3. Implementing a CSP Policy
    5. Summary
  27. 23. Defending against CSRF Attacks
    1. Header Verification
    2. CSRF Tokens
      1. Stateless CSRF Tokens
    3. Anti-CSRF Coding Best Practices
      1. Stateless GET Requests
      2. Application Wide CSRF Mitigation
    4. Summary
  28. 24. Defending against XXE
    1. Evaluating other Data Formats
    2. Advanced XXE Risks
    3. Summary
  29. 25. Defending against Injection
    1. Mitigating SQL Injection
      1. Detecting SQL Injection
      2. Prepared Statements
      3. Database Specific Defenses
    2. Generic Injection Defenses
      1. Potential Injection Targets
      2. Principle of Least Authority
      3. Whitelisting Commands
    3. Summary
  30. 26. Defending against DoS
    1. Protecting against REGEX DoS
    2. Protecting against Logical DoS
    3. Protecting against DDoS
      1. DDoS Mitigation
    4. Summary
  31. 27. Securing Third Party Dependencies
    1. Evaluating Dependency Trees
      1. Modeling a Dependency Tree
      2. Dependency Trees in the Real World
      3. Automated Evaluation
    2. Secure Integration Techniques
      1. Separation of Concerns
      2. Secure Package Management
    3. Summary
  32. 28. Summary
    1. The History of Software Security
    2. Web Application Reconnaissance
    3. Offense
    4. Defense
  33. 29. Conclusion