Web Application Defender's Cookbook
by Jeremiah Grossman, Ryan C. Barnett
Table of Contents
Part I: Preparing the Battle Space
Chapter 1: Application Fortification
Recipe 1-1: Real-time Application Profiling
Recipe 1-2: Preventing Data Manipulation with Cryptographic Hash Tokens
Recipe 1-3: Installing the OWASP ModSecurity Core Rule Set (CRS)
Recipe 1-4: Integrating Intrusion Detection System Signatures
Recipe 1-5: Using Bayesian Attack Payload Detection
HTTP Audit Logging
Recipe 1-6: Enable Full HTTP Audit Logging
Recipe 1-7: Logging Only Relevant Transactions
Recipe 1-8: Ignoring Requests for Static Content
Recipe 1-9: Obscuring Sensitive Data in Logs
Recipe 1-10: Sending Alerts to a Central Log Host Using Syslog
Recipe 1-11: Using the ModSecurity AuditConsole
Chapter 3: Poisoned Pawns (Hacker Traps)
Honeytrap Concepts
Recipe 3-1: Adding Honeypot Ports
Recipe 3-2: Adding Fake robots.txt Disallow Entries
Recipe 3-3: Adding Fake HTML Comments
Recipe 3-4: Adding Fake Hidden Form Fields
Recipe 3-5: Adding Fake Cookies
Part II: Asymmetric Warfare
Chapter 4: Reputation and Third-Party Correlation
Suspicious Source Identification
Recipe 4-1: Analyzing the Client's Geographic Location Data
Recipe 4-2: Identifying Suspicious Open Proxy Usage
Recipe 4-3: Utilizing Real-time Blacklist Lookups (RBL)
Recipe 4-4: Running Your Own RBL
Recipe 4-5: Detecting Malicious Links
Chapter 5: Request Data Analysis
Request Data Acquisition
Recipe 5-1: Request Body Access
Recipe 5-2: Identifying Malformed Request Bodies
Recipe 5-3: Normalizing Unicode
Recipe 5-4: Identifying Use of Multiple Encodings
Recipe 5-5: Identifying Encoding Anomalies
Input Validation Anomalies
Recipe 5-6: Detecting Request Method Anomalies
Recipe 5-7: Detecting Invalid URI Data
Recipe 5-8: Detecting Request Header Anomalies
Recipe 5-9: Detecting Additional Parameters
Recipe 5-10: Detecting Missing Parameters
Recipe 5-11: Detecting Duplicate Parameter Names
Recipe 5-12: Detecting Parameter Payload Size Anomalies
Recipe 5-13: Detecting Parameter Character Class Anomalies
Chapter 6: Response Data Analysis
Recipe 6-1: Detecting Response Header Anomalies
Recipe 6-2: Detecting Response Header Information Leakages
Recipe 6-3: Response Body Access
Recipe 6-4: Detecting Page Title Changes
Recipe 6-5: Detecting Page Size Deviations
Recipe 6-6: Detecting Dynamic Content Changes
Recipe 6-7: Detecting Source Code Leakages
Recipe 6-8: Detecting Technical Data Leakages
Recipe 6-9: Detecting Abnormal Response Time Intervals
Recipe 6-10: Detecting Sensitive User Data Leakages
Recipe 6-11: Detecting Trojan, Backdoor, and Webshell Access Attempts
Chapter 7: Defending Authentication
Recipe 7-1: Detecting Response Header Anomalies
Recipe 7-2: Detecting the Submission of Multiple Usernames
Recipe 7-3: Detecting Failed Authentication Attempts
Recipe 7-4: Detecting a High Rate of Authentication Attempts
Recipe 7-5: Normalizing Authentication Failure Details
Recipe 7-6: Enforcing Password Complexity
Recipe 7-7: Correlating Usernames with SessionIDs
Chapter 9: Preventing Application Attacks
Recipe 9-1: Blocking Non-ASCII Characters
Recipe 9-2: Preventing Path-Traversal Attacks
Recipe 9-3: Preventing Forceful Browsing Attacks
Recipe 9-4: Preventing SQL Injection Attacks
Recipe 9-5: Preventing Remote File Inclusion (RFI) Attacks
Recipe 9-6: Preventing OS Commanding Attacks
Recipe 9-7: Preventing HTTP Request Smuggling Attacks
Recipe 9-8: Preventing HTTP Response Splitting Attacks
Recipe 9-9: Preventing XML Attacks
Chapter 11: Defending File Uploads
Recipe 11-1: Detecting Large File Sizes
Recipe 11-2: Detecting a Large Number of Files
Recipe 11-3: Inspecting File Attachments for Malware
Chapter 12: Enforcing Access Rate and Application Flows
Recipe 12-1: Detecting High Application Access Rates
Recipe 12-2: Detecting Request/Response Delay Attacks
Recipe 12-3: Identifying Inter-Request Time Delay Anomalies
Recipe 12-4: Identifying Request Flow Anomalies
Recipe 12-5: Identifying a Significant Increase in Resource Usage
Part III: Tactical Response
Chapter 13: Passive Response Actions
Recipe 13-1: Tracking Anomaly Scores
Recipe 13-2: Trap and Trace Audit Logging
Recipe 13-3: Issuing E-mail Alerts
Recipe 13-4: Data Sharing with Request Header Tagging
Chapter 15: Intrusive Response Actions
Recipe 15-1: JavaScript Cookie Testing
Recipe 15-2: Validating Users with CAPTCHA Testing
Recipe 15-3: Hooking Malicious Clients with BeEF
Frontmatter
Introduction