XSS Attacks : Cross Site Scripting Exploits and Defense

A cross site scripting attack is a very specific type of attack on a web application. It is used by hackers to mimic real sites and fool people into providing personal data. Cross Site Scripting Attacks starts by defining the terms and laying out the groundwork. It assumes that the reader is familiar with basic web programming (HTML) and JavaScript. First it discusses the concepts, methodology, and technology that make XSS a valid concern. It then moves into the various types of XSS attacks, how they are implemented, used, and abused. After XSS is thoroughly explored, the next
eBook, English, 2014
Elsevier Science, Burlington, 2014
1 online resource (479 pages)
9780080553405, 0080553400
1048576711
Front Cover; XSS Attacks: Cross Site Scripting Exploits and Defense; Copyright Page; Contents; Chapter 1. Cross-site Scripting Fundamentals; Introduction; Web Application Security; XML and AJAX Introduction; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 2. The XSS Discovery Toolkit; Introduction; Burp; Debugging DHTML With Firefox Extensions; Analyzing HTTP Traffic with Firefox Extensions; GreaseMonkey; Hacking with Bookmarklets; Using Technika; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 3. XSS Theory; Introduction; Getting XSS'ed; DOM-based XSS In Detail; Redirection; CSRF; Flash, QuickTime, PDF, Oh My; HTTP Response Injection; Source vs. DHTML Reality; Bypassing XSS Length Limitations; XSS Filter Evasion; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 4. XSS Attack Methods; Introduction; History Stealing; Intranet Hacking; XSS Defacements; Summary; Solutions Fast Track; Frequently Asked Questions; References; Chapter 5. Advanced XSS Attack Vectors; Introduction; DNS Pinning; IMAP3; MHTML; Hacking JSON; Summary; Frequently Asked Questions; Chapter 6. XSS Exploited; Introduction; XSS vs. Firefox Password Manager; SeXXS Offenders; Equifraked; Owning the Cingular Xpress Mail User; Alternate XSS: Outside the BoXXS; XSS Old School - Windows Mobile PIE 4.2; XSSing Firefox Extensions; XSS Exploitation: Point-Click-Own with EZPhotoSales; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 7. Exploit Frameworks; Introduction; AttackAPI; BeEF; CAL9000; Overview of XSS-Proxy; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 8. XSS Worms; Introduction; Exponential XSS; XSS Warhol Worm; Linear XSS Worm; Samy Is My Hero; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 9. Preventing XSS Attacks; Introduction; Filtering; Input Encoding; Output Encoding; Web Browser's Security; Summary; Solutions Fast Track; Frequently Asked Questions; Appendix A The Owned List; Index