{"product_id":"web-application-defenders-cookbook-9781118362181","title":"Web Application Defenders Cookbook","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cp\u003e\u003cb\u003eDefending your web applications against hackers and attackers\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe top-selling book \u003ci\u003eWeb Application Hacker's Handbook\u003c\/i\u003e showed how attackers and hackers identify and attack vulnerable live web applications. This new \u003ci\u003eWeb Application Defender's Cookbook\u003c\/i\u003e is the perfect counterpoint to that book: it shows you how to \u003ci\u003edefend\u003c\/i\u003e. Authored by a highly credentialed defensive security expert, this new book details defensive security methods and can be used as courseware for training network security personnel, web server administrators, and security consultants.\u003c\/p\u003e \u003cp\u003eEach recipe shows you a way to detect and defend against malicious behavior and provides working code examples for the ModSecurity web application firewall module. Topics include identifying vulnerabilities, setting hacker traps, defending different access points, enforcing application flows, and much more.\u003c\/p\u003e \u003cul\u003e \u003cli\u003eProvides practical tactics for detecting web attacks and malicious behavior an\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTrade Review\u003c\/b\u003e\u003cbr\u003eFor those that want to ensure their web sites are as secure as possible, their developers should certainly implement the delicious recipes in Web Application Defender's Cookbook. 
(RSA Conference, Jan 2013)\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003cp\u003eForeword xix\u003c\/p\u003e \u003cp\u003eIntroduction xxiii\u003c\/p\u003e \u003cp\u003e\u003cb\u003eI Preparing the Battle Space 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e1 Application Fortification 7\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eRecipe 1-1: Real-time Application Profiling 7\u003c\/p\u003e \u003cp\u003eRecipe 1-2: Preventing Data Manipulation with Cryptographic Hash Tokens 15\u003c\/p\u003e \u003cp\u003eRecipe 1-3: Installing the OWASP ModSecurity Core Rule Set (CRS) 19\u003c\/p\u003e \u003cp\u003eRecipe 1-4: Integrating Intrusion Detection System Signatures 33\u003c\/p\u003e \u003cp\u003eRecipe 1-5: Using Bayesian Attack Payload Detection 38\u003c\/p\u003e \u003cp\u003eRecipe 1-6: Enable Full HTTP Audit Logging 48\u003c\/p\u003e \u003cp\u003eRecipe 1-7: Logging Only Relevant Transactions 52\u003c\/p\u003e \u003cp\u003eRecipe 1-8: Ignoring Requests for Static Content 53\u003c\/p\u003e \u003cp\u003eRecipe 1-9: Obscuring Sensitive Data in Logs 54\u003c\/p\u003e \u003cp\u003eRecipe 1-10: Sending Alerts to a Central Log Host Using Syslog 58\u003c\/p\u003e \u003cp\u003eRecipe 1-11: Using the ModSecurity AuditConsole 60\u003c\/p\u003e \u003cp\u003e\u003cb\u003e2 Vulnerability Identification and Remediation 67\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eRecipe 2-1: Passive Vulnerability Identification 70\u003c\/p\u003e \u003cp\u003eRecipe 2-2: Active Vulnerability Identification 79\u003c\/p\u003e \u003cp\u003eRecipe 2-3: Manual Scan Result Conversion 88\u003c\/p\u003e \u003cp\u003eRecipe 2-4: Automated Scan Result Conversion 92\u003c\/p\u003e \u003cp\u003eRecipe 2-5: Real-time Resource Assessments and Virtual Patching 99\u003c\/p\u003e \u003cp\u003e\u003cb\u003e3 Poisoned Pawns (Hacker Traps) 115\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eRecipe 3-1: Adding Honeypot Ports 116\u003c\/p\u003e \u003cp\u003eRecipe 3-2: 
Adding Fake robots.txt Disallow Entries 118\u003c\/p\u003e \u003cp\u003eRecipe 3-3: Adding Fake HTML Comments 123\u003c\/p\u003e \u003cp\u003eRecipe 3-4: Adding Fake Hidden Form Fields 128\u003c\/p\u003e \u003cp\u003eRecipe 3-5: Adding Fake Cookies 131\u003c\/p\u003e \u003cp\u003e\u003cb\u003eII Asymmetric Warfare 137\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e4 Reputation and Third-Party Correlation 139\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eRecipe 4-1: Analyzing the Client’s Geographic Location Data 141\u003c\/p\u003e \u003cp\u003eRecipe 4-2: Identifying Suspicious Open Proxy Usage 147\u003c\/p\u003e \u003cp\u003eRecipe 4-3: Utilizing Real-time Blacklist Lookups (RBL) 150\u003c\/p\u003e \u003cp\u003eRecipe 4-4: Running Your Own RBL 157\u003c\/p\u003e \u003cp\u003eRecipe 4-5: Detecting Malicious Links 160\u003c\/p\u003e \u003cp\u003e\u003cb\u003e5 Request Data Analysis 171\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eRecipe 5-1: Request Body Access 172\u003c\/p\u003e \u003cp\u003eRecipe 5-2: Identifying Malformed Request Bodies 178\u003c\/p\u003e \u003cp\u003eRecipe 5-3: Normalizing Unicode 182\u003c\/p\u003e \u003cp\u003eRecipe 5-4: Identifying Use of Multiple Encodings 186\u003c\/p\u003e \u003cp\u003eRecipe 5-5: Identifying Encoding Anomalies 189\u003c\/p\u003e \u003cp\u003eRecipe 5-6: Detecting Request Method Anomalies 193\u003c\/p\u003e \u003cp\u003eRecipe 5-7: Detecting Invalid URI Data 197\u003c\/p\u003e \u003cp\u003eRecipe 5-8: Detecting Request Header Anomalies 200\u003c\/p\u003e \u003cp\u003eRecipe 5-9: Detecting Additional Parameters 209\u003c\/p\u003e \u003cp\u003eRecipe 5-10: Detecting Missing Parameters 212\u003c\/p\u003e \u003cp\u003eRecipe 5-11: Detecting Duplicate Parameter Names 214\u003c\/p\u003e \u003cp\u003eRecipe 5-12: Detecting Parameter Payload Size Anomalies 216\u003c\/p\u003e \u003cp\u003eRecipe 5-13: Detecting Parameter Character Class Anomalies 219\u003c\/p\u003e \u003cp\u003e\u003cb\u003e6 Response Data Analysis 
223\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eRecipe 6-1: Detecting Response Header Anomalies 224\u003c\/p\u003e \u003cp\u003eRecipe 6-2: Detecting Response Header Information Leakages 234\u003c\/p\u003e \u003cp\u003eRecipe 6-3: Response Body Access 238\u003c\/p\u003e \u003cp\u003eRecipe 6-4: Detecting Page Title Changes 240\u003c\/p\u003e \u003cp\u003eRecipe 6-5: Detecting Page Size Deviations 243\u003c\/p\u003e \u003cp\u003eRecipe 6-6: Detecting Dynamic Content Changes 246\u003c\/p\u003e \u003cp\u003eRecipe 6-7: Detecting Source Code Leakages 249\u003c\/p\u003e \u003cp\u003eRecipe 6-8: Detecting Technical Data Leakages 253\u003c\/p\u003e \u003cp\u003eRecipe 6-9: Detecting Abnormal Response Time Intervals 256\u003c\/p\u003e \u003cp\u003eRecipe 6-10: Detecting Sensitive User Data Leakages 259\u003c\/p\u003e \u003cp\u003eRecipe 6-11: Detecting Trojan, Backdoor, and Webshell Access Attempts 262\u003c\/p\u003e \u003cp\u003e\u003cb\u003e7 Defending Authentication 265\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eRecipe 7-1: Detecting the Submission of Common\/Default Usernames 266\u003c\/p\u003e \u003cp\u003eRecipe 7-2: Detecting the Submission of Multiple Usernames 269\u003c\/p\u003e \u003cp\u003eRecipe 7-3: Detecting Failed Authentication Attempts 272\u003c\/p\u003e \u003cp\u003eRecipe 7-4: Detecting a High Rate of Authentication Attempts 274\u003c\/p\u003e \u003cp\u003eRecipe 7-5: Normalizing Authentication Failure Details 280\u003c\/p\u003e \u003cp\u003eRecipe 7-6: Enforcing Password Complexity 283\u003c\/p\u003e \u003cp\u003eRecipe 7-7: Correlating Usernames with SessionIDs 286\u003c\/p\u003e \u003cp\u003e\u003cb\u003e8 Defending Session State 291\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eRecipe 8-1: Detecting Invalid Cookies 291\u003c\/p\u003e \u003cp\u003eRecipe 8-2: Detecting Cookie Tampering 297\u003c\/p\u003e \u003cp\u003eRecipe 8-3: Enforcing Session Timeouts 302\u003c\/p\u003e \u003cp\u003eRecipe 8-4: Detecting Client Source Location Changes During Session 
Lifetime 307\u003c\/p\u003e \u003cp\u003eRecipe 8-5: Detecting Browser Fingerprint Changes During Sessions 314\u003c\/p\u003e \u003cp\u003e\u003cb\u003e9 Preventing Application Attacks 323\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eRecipe 9-1: Blocking Non-ASCII Characters 323\u003c\/p\u003e \u003cp\u003eRecipe 9-2: Preventing Path-Traversal Attacks 327\u003c\/p\u003e \u003cp\u003eRecipe 9-3: Preventing Forceful Browsing Attacks 330\u003c\/p\u003e \u003cp\u003eRecipe 9-4: Preventing SQL Injection Attacks 332\u003c\/p\u003e \u003cp\u003eRecipe 9-5: Preventing Remote File Inclusion (RFI) Attacks 336\u003c\/p\u003e \u003cp\u003eRecipe 9-6: Preventing OS Commanding Attacks 340\u003c\/p\u003e \u003cp\u003eRecipe 9-7: Preventing HTTP Request Smuggling Attacks 342\u003c\/p\u003e \u003cp\u003eRecipe 9-8: Preventing HTTP Response Splitting Attacks 345\u003c\/p\u003e \u003cp\u003eRecipe 9-9: Preventing XML Attacks 347\u003c\/p\u003e \u003cp\u003e\u003cb\u003e10 Preventing Client Attacks 353\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eRecipe 10-1: Implementing Content Security Policy (CSP) 353\u003c\/p\u003e \u003cp\u003eRecipe 10-2: Preventing Cross-Site Scripting (XSS) Attacks 362\u003c\/p\u003e \u003cp\u003eRecipe 10-3: Preventing Cross-Site Request Forgery (CSRF) Attacks 371\u003c\/p\u003e \u003cp\u003eRecipe 10-4: Preventing UI Redressing (Clickjacking) Attacks 377\u003c\/p\u003e \u003cp\u003eRecipe 10-5: Detecting Banking Trojan (Man-in-the-Browser) Attacks 381\u003c\/p\u003e \u003cp\u003e\u003cb\u003e11 Defending File Uploads 387\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eRecipe 11-1: Detecting Large File Sizes 387\u003c\/p\u003e \u003cp\u003eRecipe 11-2: Detecting a Large Number of Files 389\u003c\/p\u003e \u003cp\u003eRecipe 11-3: Inspecting File Attachments for Malware 390\u003c\/p\u003e \u003cp\u003e\u003cb\u003e12 Enforcing Access Rate and Application Flows 395\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eRecipe 12-1: Detecting High Application Access Rates 
395\u003c\/p\u003e \u003cp\u003eRecipe 12-2: Detecting Request\/Response Delay Attacks 405\u003c\/p\u003e \u003cp\u003eRecipe 12-3: Identifying Inter-Request Time Delay Anomalies 411\u003c\/p\u003e \u003cp\u003eRecipe 12-4: Identifying Request Flow Anomalies 413\u003c\/p\u003e \u003cp\u003eRecipe 12-5: Identifying a Significant Increase in Resource Usage 414\u003c\/p\u003e \u003cp\u003e\u003cb\u003eIII Tactical Response 419\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e13 Passive Response Actions 421\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eRecipe 13-1: Tracking Anomaly Scores 421\u003c\/p\u003e \u003cp\u003eRecipe 13-2: Trap and Trace Audit Logging 427\u003c\/p\u003e \u003cp\u003eRecipe 13-3: Issuing E-mail Alerts 428\u003c\/p\u003e \u003cp\u003eRecipe 13-4: Data Sharing with Request Header Tagging 436\u003c\/p\u003e \u003cp\u003e\u003cb\u003e14 Active Response Actions 441\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eRecipe 14-1: Using Redirection to Error Pages 442\u003c\/p\u003e \u003cp\u003eRecipe 14-2: Dropping Connections 445\u003c\/p\u003e \u003cp\u003eRecipe 14-3: Blocking the Client Source Address 447\u003c\/p\u003e \u003cp\u003eRecipe 14-4: Restricting Geolocation Access Through Defense Condition (DefCon) Level Changes 452\u003c\/p\u003e \u003cp\u003eRecipe 14-5: Forcing Transaction Delays 455\u003c\/p\u003e \u003cp\u003eRecipe 14-6: Spoofing Successful Attacks 462\u003c\/p\u003e \u003cp\u003eRecipe 14-7: Proxying Traffic to Honeypots 468\u003c\/p\u003e \u003cp\u003eRecipe 14-8: Forcing an Application Logout 471\u003c\/p\u003e \u003cp\u003eRecipe 14-9: Temporarily Locking Account Access 476\u003c\/p\u003e \u003cp\u003e\u003cb\u003e15 Intrusive Response Actions 479\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eRecipe 15-1: JavaScript Cookie Testing 479\u003c\/p\u003e \u003cp\u003eRecipe 15-2: Validating Users with CAPTCHA Testing 481\u003c\/p\u003e \u003cp\u003eRecipe 15-3: Hooking Malicious Clients with BeEF 
485\u003c\/p\u003e \u003cp\u003eIndex 495\u003c\/p\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e","brand":"John Wiley \u0026 Sons","offers":[{"title":"Default Title","offer_id":53186828992855,"sku":"9781118362181","price":30.39,"currency_code":"GBP","in_stock":true}],"url":"https:\/\/bookcurl.com\/products\/web-application-defenders-cookbook-9781118362181","provider":"Book Curl","version":"1.0","type":"link"}