Synopsis:
This book is a practical guide to discovering and exploiting security flaws in web applications. The authors explain each category of vulnerability using real-world examples, screenshots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications. The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results. The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias PortSwigger, Dafydd developed the popular Burp Suite of web application hack tools.
About the authors:
Dafydd Stuttard is a Principal Security Consultant at Next Generation Security Software, where he leads the web application security competency. He has nine years' experience in security consulting and specializes in the penetration testing of web applications and compiled software. Dafydd has worked with numerous banks, retailers, and other enterprises to help secure their web applications, and has provided security consulting to several software manufacturers and governments to help secure their compiled software. Dafydd is an accomplished programmer in several languages, and his interests include developing tools to facilitate all kinds of software security testing. Dafydd has developed and presented training courses at the Black Hat security conferences around the world. Under the alias PortSwigger, Dafydd created the popular Burp Suite of web application hacking tools. Dafydd holds master's and doctorate degrees in philosophy from the University of Oxford.

Marcus Pinto is a Principal Security Consultant at Next Generation Security Software, where he leads the database competency development team, and has led the development of NGS' primary training courses. He has eight years' experience in security consulting and specializes in penetration testing of web applications and supporting architectures. Marcus has worked with numerous banks, retailers, and other enterprises to help secure their web applications, and has provided security consulting to the development projects of several security-critical applications. He has worked extensively with large-scale web application deployments in the financial services industry. Marcus has developed and presented database and web application training courses at the Black Hat and other security conferences around the world. Marcus holds a master's degree in physics from the University of Cambridge.