Web Security Testing Cookbook (Paperback) (網路安全測試食譜)

Paco Hope, Ben Walther

  • 出版商: O'Reilly
  • 出版日期: 2008-11-25
  • 定價: $1,320
  • 售價: 9.5$1,254
  • 貴賓價: 9.0$1,188
  • 語言: 英文
  • 頁數: 314
  • 裝訂: Paperback
  • ISBN: 0596514832
  • ISBN-13: 9780596514839
  • 相關分類: 資訊安全
  • 立即出貨 (庫存 < 3)

買這商品的人也買了...

相關主題

商品描述

Among the tests you perform on web applications, security testing is perhaps the most important, yet it's often the most neglected. The recipes in the Web Security Testing Cookbook demonstrate how developers and testers can check for the most common web security issues, while conducting unit tests, regression tests, or exploratory tests. Unlike ad hoc security assessments, these recipes are repeatable, concise, and systematic-perfect for integrating into your regular test suite.

Recipes cover the basics from observing messages between clients and servers to multi-phase tests that script the login and execution of web application features. By the end of the book, you'll be able to build tests pinpointed at Ajax functions, as well as large multi-step tests for the usual suspects: cross-site scripting and injection attacks. This book helps you:

  • Obtain, install, and configure useful-and free-security testing tools
  • Understand how your application communicates with users, so you can better simulate attacks in your tests
  • Choose from many different methods that simulate common attacks such as SQL injection, cross-site scripting, and manipulating hidden form fields
  • Make your tests repeatable by using the scripts and examples in the recipes as starting points for automated tests

Don't live in dread of the midnight phone call telling you that your site has been hacked. With Web Security Testing Cookbook and the free tools used in the book's examples, you can incorporate security coverage into your test suite, and sleep in peace.

商品描述(中文翻譯)

在你對網頁應用程式進行的測試中,安全測試可能是最重要的,但往往也是最容易被忽略的。《Web安全測試食譜》中的範例展示了開發人員和測試人員如何在進行單元測試、回歸測試或探索性測試時檢查最常見的網頁安全問題。與臨時性的安全評估不同,這些範例是可重複、簡潔和系統化的,非常適合整合到你的常規測試套件中。

這些範例涵蓋了從觀察客戶端和伺服器之間的訊息到多階段測試(腳本化登錄和執行網頁應用程式功能)的基礎知識。通過閱讀本書,你將能夠建立針對Ajax功能的測試,以及針對常見攻擊方式(如跨站腳本和注入攻擊)的大型多步驟測試。本書幫助你:

- 獲取、安裝和配置有用且免費的安全測試工具
- 了解你的應用程式如何與使用者通信,以便在測試中更好地模擬攻擊
- 選擇多種不同的方法來模擬常見攻擊,如SQL注入、跨站腳本和操縱隱藏表單字段
- 通過使用範例中的腳本和示例作為自動化測試的起點,使你的測試可重複

不要活在對半夜的電話恐懼中,告訴你你的網站已被駭客入侵。通過《Web安全測試食譜》和本書示例中使用的免費工具,你可以將安全覆蓋範圍納入你的測試套件中,安心入眠。