Stuttard et al., 2011 - Google Patents
The web application hacker's handbook: Finding and exploiting security flaws
Stuttard et al., 2011
- Document ID
- 3403086832717438369
- Author
- Stuttard D
- Pinto M
- Publication year
Snippet
The highly successful security book returns with a new edition, completely updated. Web applications are the front door to most organizations, exposing them to attacks that may disclose personal information, execute fraudulent transactions, or compromise ordinary …
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6263—Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06Q—DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/06—Investment, e.g. financial instruments, portfolio management or fund management
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Stuttard et al. | | The web application hacker's handbook: Finding and exploiting security flaws |
Andrews et al. | | How to break web software: Functional and security testing of web applications and web services |
Calzavara et al. | | Sub-session hijacking on the web: Root causes and prevention |
Pauli | | The basics of web hacking: tools and techniques to attack the web |
Shema | | Seven deadliest web application attacks |
Lepofsky | | The manager's guide to web application security: a concise guide to the weaker side of the web |
Burrough | | Pentesting Azure Applications: The Definitive Guide to Testing and Securing Deployments |
Martirosyan | | Security evaluation of web application vulnerability scanners strengths and limitations using custom web application |
Asemi | | A Study On API Security Pentesting |
Alghofaili | | Security Analysis of Open Source Content Management Systems Wordpress, Joomla, and Drupal |
Norberg | | Advanced ASP.NET Core 3 Security |
McDonald | | Grokking Web Application Security |
Adams et al. | | Guide to Securing Scientific Software |
Leppänen | | An evaluation of how web frameworks support developers to build secure applications |
Coelho | | Psyment: Security Design and Implementation of a Psychological Assessment Supportive Web Platform |
Quinton | | Safety of web applications: risks, encryption and handling vulnerabilities with PHP |
Stuttard et al. | | Attack and Defend Computer Security Set |
Yergaliyev | | Continuous security testing for an existing client-server application |
Alabdulrazzaq | | Securing Web Applications: Web Application Flow Whitelisting to Improve Security |
De Ryck | | Client-side web security: mitigating threats against web sessions |
Dorrans | | Beginning ASP.NET Security |
Nadal Rivero | | Improvement of security measures of a medical data management platform |
Sahu | | Building Secure PHP Applications |
Hafström Fremlin et al. | | Securing Sweden’s Digital Assets |
Daka | | Strengthening web application security through technical measures. |