Imperial Library

Index
  • Cover
  • Contents

The Web Application Hacker's Handbook

Chapter 1: Web Application (In)security
  • The Evolution of Web Applications
  • Web Application Security
  • Summary
Chapter 2: Core Defense Mechanisms
  • Handling User Access
  • Handling User Input
  • Handling Attackers
  • Managing the Application
  • Summary
  • Questions
Chapter 3: Web Application Technologies
  • The HTTP Protocol
  • Web Functionality
  • Encoding Schemes
  • Next Steps
  • Questions
Chapter 4: Mapping the Application
  • Enumerating Content and Functionality
  • Analyzing the Application
  • Summary
  • Questions
Chapter 5: Bypassing Client-Side Controls
  • Transmitting Data Via the Client
  • Capturing User Data: HTML Forms
  • Capturing User Data: Browser Extensions
  • Handling Client-Side Data Securely
  • Summary
  • Questions
Chapter 6: Attacking Authentication
  • Authentication Technologies
  • Design Flaws in Authentication Mechanisms
  • Implementation Flaws in Authentication
  • Securing Authentication
  • Summary
  • Questions
Chapter 7: Attacking Session Management
  • The Need for State
  • Weaknesses in Token Generation
  • Weaknesses in Session Token Handling
  • Securing Session Management
  • Summary
  • Questions
Chapter 8: Attacking Access Controls
  • Common Vulnerabilities
  • Attacking Access Controls
  • Securing Access Controls
  • Summary
  • Questions
Chapter 9: Attacking Data Stores
  • Injecting into Interpreted Contexts
  • Injecting into SQL
  • Injecting into NoSQL
  • Injecting into XPath
  • Injecting into LDAP
  • Summary
  • Questions
Chapter 10: Attacking Back-End Components
  • Injecting OS Commands
  • Manipulating File Paths
  • Injecting into XML Interpreters
  • Injecting into Back-end HTTP Requests
  • Injecting into Mail Services
  • Summary
  • Questions
Chapter 11: Attacking Application Logic
  • The Nature of Logic Flaws
  • Real-World Logic Flaws
  • Avoiding Logic Flaws
  • Summary
  • Questions
Chapter 12: Attacking Users: Cross-Site Scripting
  • Varieties of XSS
  • XSS Attacks in Action
  • Finding and Exploiting XSS Vulnerabilities
  • Preventing XSS Attacks
  • Summary
  • Questions
Chapter 13: Attacking Users: Other Techniques
  • Inducing User Actions
  • Capturing Data Cross-Domain
  • The Same-Origin Policy Revisited
  • Other Client-Side Injection Attacks
  • Local Privacy Attacks
  • Attacking ActiveX Controls
  • Attacking the Browser
  • Summary
  • Questions
Chapter 14: Automating Customized Attacks
  • Uses for Customized Automation
  • Enumerating Valid Identifiers
  • Harvesting Useful Data
  • Fuzzing for Common Vulnerabilities
  • Putting It All Together: Burp Intruder
  • Barriers to Automation
  • Summary
  • Questions
Chapter 15: Exploiting Information Disclosure
  • Exploiting Error Messages
  • Gathering Published Information
  • Using Inference
  • Preventing Information Leakage
  • Summary
  • Questions
Chapter 16: Attacking Native Compiled Applications
  • Buffer Overflow Vulnerabilities
  • Integer Vulnerabilities
  • Format String Vulnerabilities
  • Summary
  • Questions
Chapter 17: Attacking Application Architecture
  • Tiered Architectures
  • Shared Hosting and Application Service Providers
  • Summary
  • Questions
Chapter 18: Attacking the Application Server
  • Vulnerable Server Configuration
  • Vulnerable Server Software
  • Web Application Firewalls
  • Summary
  • Questions
Chapter 19: Finding Vulnerabilities in Source Code
  • Approaches to Code Review
  • Signatures of Common Vulnerabilities
  • The Java Platform
  • ASP.NET
  • PHP
  • Perl
  • JavaScript
  • Database Code Components
  • Tools for Code Browsing
  • Summary
  • Questions
Chapter 20: A Web Application Hacker's Toolkit
  • Web Browsers
  • Integrated Testing Suites
  • Standalone Vulnerability Scanners
  • Other Tools
  • Summary
Chapter 21: A Web Application Hacker's Methodology
  • General Guidelines
  • 1 Map the Application's Content
  • 2 Analyze the Application
  • 3 Test Client-Side Controls
  • 4 Test the Authentication Mechanism
  • 5 Test the Session Management Mechanism
  • 6 Test Access Controls
  • 7 Test for Input-Based Vulnerabilities
  • 8 Test for Function-Specific Input Vulnerabilities
  • 9 Test for Logic Flaws
  • 10 Test for Shared Hosting Vulnerabilities
  • 11 Test for Application Server Vulnerabilities
  • 12 Miscellaneous Checks
  • 13 Follow Up Any Information Leakage
Introduction
Malware Analyst's Cookbook and DVD

  • Title Page
  • Copyright
  • Dedication
  • About the Authors
  • Acknowledgments
  • Introduction
      • Who Should Read This Book
      • How This Book Is Organized
      • Setting Up Your Environment
      • Conventions
      • On The Book’s DVD
Chapter 1: Anonymizing Your Activities
  • The Onion Router (Tor)
  • Malware Research with Tor
  • Tor Pitfalls
  • Proxy Servers and Protocols
  • Web-Based Anonymizers
  • Alternate Ways to Stay Anonymous
  • Cellular Internet Connections
  • Virtual Private Networks
  • Being Unique and Not Getting Busted
Chapter 2: Honeypots
  • Nepenthes Honeypots
  • Working with Dionaea Honeypots
Chapter 3: Malware Classification
  • Classification with ClamAV
  • Classification with YARA
  • Putting It All Together
Chapter 4: Sandboxes and Multi-AV Scanners
  • Public Antivirus Scanners
  • Multi-Antivirus Scanner Comparison
  • Public Sandbox Analysis
Chapter 5: Researching Domains and IP Addresses
  • Researching Suspicious Domains
  • Researching IP Addresses
  • Researching with Passive DNS and Other Tools
  • Fast Flux Domains
  • Geo-Mapping IP Addresses
Chapter 6: Documents, Shellcode, and URLs
  • Analyzing JavaScript
  • Analyzing PDF Documents
  • Analyzing Malicious Office Documents
  • Analyzing Network Traffic
Chapter 7: Malware Labs
  • Networking
  • Physical Targets
Chapter 8: Automation
  • The Analysis Cycle
  • Automation with Python
  • Adding Analysis Modules
  • Miscellaneous Systems
Chapter 9: Dynamic Analysis
  • API Monitoring/Hooking
  • Data Preservation
Chapter 10: Malware Forensics
  • The Sleuth Kit (TSK)
  • Forensic/Incident Response Grab Bag
  • Registry Analysis
Chapter 11: Debugging Malware
  • Working with Debuggers
  • Immunity Debugger’s Python API
  • WinAppDbg Python Debugger
Chapter 12: De-obfuscation
  • Decoding Common Algorithms
  • Decryption
  • Unpacking Malware
  • Unpacking Resources
  • Debugger Scripting
Chapter 13: Working with DLLs
Chapter 14: Kernel Debugging
  • Remote Kernel Debugging
  • Local Kernel Debugging
  • Software Requirements
Chapter 15: Memory Forensics with Volatility
  • Memory Acquisition
  • Preparing a Volatility Install
Chapter 16: Memory Forensics: Code Injection and Extraction
  • Investigating DLLs
  • Code Injection and the VAD
  • Reconstructing Binaries
Chapter 17: Memory Forensics: Rootkits
Chapter 18: Memory Forensics: Network and Registry
  • Registry Analysis
Index
Wiley Publishing, Inc. End-User License Agreement

Chief Librarian: Las Zenow <zenow@riseup.net>

This is a mirror of the Tor onion service:
http://kx5thpx2olielkihfyo4jgjqfb7zx7wxr3sd4xzt26ochei4m6f7tayd.onion