Imperial Library
Index
  • Cover Page
  • Title Page
  • Copyright Page
  • About the Authors
  • BRIEF CONTENTS
  • CONTENTS IN DETAIL
  • ACKNOWLEDGMENTS
  • INTRODUCTION
      • About This Book
      • Who Should Read This Book
      • A Brief History of the Internet
      • What’s in This Book
  • 1 LET’S HACK A WEBSITE
      • Software Exploits and the Dark Web
      • How to Hack a Website
  • Part I: The Basics
  • 2 HOW THE INTERNET WORKS
      • The Internet Protocol Suite
      • Application Layer Protocols
      • Stateful Connections
      • Encryption
      • Summary
  • 3 HOW BROWSERS WORK
      • Web Page Rendering
      • JavaScript
      • Before and After Rendering: Everything Else the Browser Does
      • Summary
  • 4 HOW WEB SERVERS WORK
      • Static and Dynamic Resources
      • Static Resources
      • Dynamic Resources
      • Summary
  • 5 HOW PROGRAMMERS WORK
      • Phase 1: Design and Analysis
      • Phase 2: Writing Code
      • Phase 3: Pre-Release Testing
      • Phase 4: The Release Process
      • Phase 5: Post-Release Testing and Observation
      • Dependency Management
      • Summary
  • Part II: The Threats
  • 6 INJECTION ATTACKS
      • SQL Injection
      • Command Injection
      • Remote Code Execution
      • File Upload Vulnerabilities
      • Summary
  • 7 CROSS-SITE SCRIPTING ATTACKS
      • Stored Cross-Site Scripting Attacks
      • Reflected Cross-Site Scripting Attacks
      • DOM-Based Cross-Site Scripting Attacks
      • Summary
  • 8 CROSS-SITE REQUEST FORGERY ATTACKS
      • Anatomy of a CSRF Attack
      • Mitigation 1: Follow REST Principles
      • Mitigation 2: Implement Anti-CSRF Cookies
      • Mitigation 3: Use the SameSite Cookie Attribute
      • Bonus Mitigation: Require Reauthentication for Sensitive Actions
      • Summary
  • 9 COMPROMISING AUTHENTICATION
      • Implementing Authentication
      • Mitigation 1: Use Third-Party Authentication
      • Mitigation 2: Integrate with Single Sign-On
      • Mitigation 3: Secure Your Own Authentication System
      • Summary
  • 10 SESSION HIJACKING
      • How Sessions Work
      • How Attackers Hijack Sessions
      • Summary
  • 11 PERMISSIONS
      • Privilege Escalation
      • Access Control
      • Directory Traversal
      • Summary
  • 12 INFORMATION LEAKS
      • Mitigation 1: Disable Telltale Server Headers
      • Mitigation 2: Use Clean URLs
      • Mitigation 3: Use Generic Cookie Parameters
      • Mitigation 4: Disable Client-Side Error Reporting
      • Mitigation 5: Minify or Obfuscate Your JavaScript Files
      • Mitigation 6: Sanitize Your Client-Side Files
      • Stay on Top of Security Advisories
      • Summary
  • 13 ENCRYPTION
      • Encryption in the Internet Protocol
      • Enabling HTTPS
      • Attacking HTTP (and HTTPS)
      • Summary
  • 14 THIRD-PARTY CODE
      • Securing Dependencies
      • Securing Configuration
      • Securing the Services That You Use
      • Services as an Attack Vector
      • Summary
  • 15 XML ATTACKS
      • The Uses of XML
      • Validating XML
      • XML Bombs
      • XML External Entity Attacks
      • Securing Your XML Parser
      • Other Considerations
      • Summary
  • 16 DON’T BE AN ACCESSORY
      • Email Fraud
      • Disguising Malicious Links in Email
      • Clickjacking
      • Server-Side Request Forgery
      • Botnets
      • Summary
  • 17 DENIAL-OF-SERVICE ATTACKS
      • Denial-of-Service Attack Types
      • Denial-of-Service Attack Mitigation
      • Summary
  • 18 SUMMING UP
  • INDEX

Chief Librarian: Las Zenow <zenow@riseup.net>

This is a mirror of the Tor onion service:
http://kx5thpx2olielkihfyo4jgjqfb7zx7wxr3sd4xzt26ochei4m6f7tayd.onion