Hacking Exposed Web Applications, 2nd Ed.

Implement bulletproof e-business security the proven Hacking Exposed way

Defend against the latest Web-based attacks by looking at your Web applications through the eyes of a malicious intruder. Fully revised and updated to cover the latest Web exploitation techniques, Hacking Exposed Web Applications, Second Edition shows you, step-by-step, how cyber-criminals target vulnerable sites, gain access, steal critical data, and execute devastating attacks. All of the cutting-edge threats and vulnerabilities are covered in full detail alongside real-world examples, case studies, and battle-tested countermeasures from the authors' experiences as gray hat security professionals.

  • Find out how hackers use infrastructure and application profiling to perform reconnaissance and enter vulnerable systems
  • Get details on exploits, evasion techniques, and countermeasures for the most popular Web platforms, including IIS, Apache, PHP, and ASP.NET
  • Learn the strengths and weaknesses of common Web authentication mechanisms, including password-based, multifactor, and single sign-on mechanisms like Passport
  • See how to excise the heart of any Web application's access controls through advanced session analysis, hijacking, and fixation techniques
  • Find and fix input validation flaws, including cross-site scripting (XSS), SQL injection, HTTP response splitting, encoding, and special character abuse
  • Get an in-depth presentation of the newest SQL injection techniques, including blind attacks, advanced exploitation through subqueries, Oracle exploits, and improved countermeasures
  • Learn about the latest XML Web Services hacks, Web management attacks, and DDoS attacks, including click fraud
  • Tour Firefox and IE exploits, as well as the newest socially-driven client attacks like phishing and adware

About the Authors

Joel Scambray, CISSP, has over 15 years of information security experience, including senior management roles at Microsoft and Ernst & Young, co-founder of Foundstone, technical consultant for Fortune 500 enterprises, and co-author of the best-selling Hacking Exposed book series.

Mike Shema is the CSO of NT Objectives and has made web application security presentations at numerous security conferences. He has conducted security reviews for a wide variety of web technologies and developed training material for application security courses. He is also a co-author of Anti-Hacker Toolkit.

Caleb Sima is the co-founder and CTO of SPI Dynamics, a web application security products company, and has over 12 years of security experience. His pioneering efforts and expertise in web security have helped define the direction the web application security industry has taken. Caleb is a frequent speaker and expert resource for the press on Internet attacks and has been featured in the Associated Press. He is also a contributing author to various magazines and online columns. Caleb is a member of ISSA and is one of the founding visionaries of the Application Vulnerability Description Language (AVDL) standard within OASIS, as well as a founding member of the Web Application Security Consortium (WASC).

Google Business Solutions and Tools: 100 Success Secrets to Reach new customers, Enhance your website and Increase your productivity
Is your business indexed by Google? If not, you hardly exist online. Is your business advertising with Google AdWords? If not, you're hardly advertising online.

With Google's share at over 70% of the online advertising market, this book gets you started using Google as a business partner.

Learn how to get your website indexed by...

Electronic and Electrical Servicing, Second Edition: Consumer and Commercial Electronics
The key to success in City & Guilds courses in electronic and electrical servicing

Electronic and Electrical Servicing provides a thorough grounding in the electronics and electrical principles required by service engineers servicing home entertainment equipment such as TVs, CD and DVD machines, as
...
Python 3 Object-Oriented Programming - Second Edition

Unleash the power of Python 3 objects

About This Book

  • Stop writing scripts and start architecting programs
  • Learn the latest Python syntax and libraries
  • A practical, hands-on tutorial that teaches you all about abstract design patterns and how to implement them in Python...

The Fertile Earth: Nature's Energies in Agriculture, Soil Fertilisation and Forestry (The Eco-Technology Series, Volume 3)
What is the essence of a tree? How does a blade of grass grow? What do we really understand of the internal events and forces responsible for their upward thrust towards the heavens, and on what conditions do these energies depend? Where do they come from and how do they interact? What inhibits their proper interaction, and what enhances it? As the...
The Econosphere: What Makes the Economy Really Work, How to Protect It, and Maximize Your Opportunity for Financial Prosperity

How the World Really Works and How to Make It Start Working Again!

  • Discover the immutable laws of nature that govern all your financial decisions and put them to work for you

Practical Virtualization Solutions: Virtualization from the Trenches
A few years ago, the idea of running multiple operating systems concurrently on the same computer captured the imagination of the computing industry. Virtualization became the hot buzzword and projects were launched to fulfill the dream.

With virtualization, you don't need an extra computer every time you want to bring up a new
...