Hack Proofing XML (XML 安全防護指南)
Larry Loeb, Jeremy Faircloth, Ken Ftu, Carter Everett, Curtis, Jr. Franklin
- 出版商: Syngress Media
- 出版日期: 2002-06-15
- 定價: $1,750
- 售價: 2.3 折 $399
- 語言: 英文
- 頁數: 608
- 裝訂: Paperback
- ISBN: 1931836507
- ISBN-13: 9781931836500
-
相關分類:
XML
立即出貨(限量) (庫存=1)
買這商品的人也買了...
-
$860$817 -
$760$600 -
$650$553 -
$969The 8051 Microcontroller and Embedded Systems
-
$860$679 -
$560$437 -
$900$711 -
$690$538 -
$2,990$2,841 -
$3,790$3,601 -
$2,210$2,100 -
$1,090$1,068 -
$380$304 -
$120$95 -
$890$757 -
$620$527 -
$620$527 -
$280$218 -
$650$553 -
$580$493 -
$580$458 -
$280$221 -
$1,880$1,786 -
$2,380$2,261 -
$580$458
相關主題
商品描述
Hack Proof Your XML Documents!
XML is quickly becoming the universal protocol for transferring information from site to site via HTTP. Whereas HTML will continue to be the language for displaying documents on the Internet, developers will find new and interesting ways to harness the power of XML to transmit, exchange, and manipulate data using XML. Validation of the XML document and of the messages going to that document is the first line of defense in hack proofing XML. The same properties that make XML a powerful language for defining data across systems make it vulnerable to attacks. More important, since many firewalls will pass XML data without filtering, a poorly constructed and invalidated document can constitute a serious system-level vulnerability. Hack Proofing® XML will show you the ins and outs of XML and .NET security.
- Understand
the Role of the Hacker
Review hacking terms such as hacker, cracker, black hat, phreaks, and script kiddies and learn how to identify real threats. - Learn the
Forms of Information Leakage
See how banners, error messages, protocol analysis, and bad design can be used by attackers. - Build
Well-Formed XML Documents
Review the goals of XML and see how well-formed code will help protect you from hackers. - Learn About
Plain-Text Attacks
See how this type of attack is one of the most insidious tools hackers can use to compromise a database or application. - Apply XML
Digital Signatures to Security
The XML specification for digital signatures is flexible and gives you the ability to sign anything from a simple message embedded in a signature or a message that contains the signature within it or external resources. - Apply
Encryption to XML
Encryption in XML provides the essential elements of security: integrity of the document, confidentiality of content, and authentication. - Apply
Role-Based Access Control Ideas in XML
See how a secure operating system working in conjunction with a secure application provides the most hackproof design possible. - Learn the
Risks Associated with Using XML
See how .NET security can be a viable alternative for handling permissions, authentication and authorization. - Report
Security Problems
Determine when and to whom to report the problem and find rules for deciding how much detail to publish. - Register for
Your 1 Year Upgrade
The Syngress Solutions upgrade plan protects you from content obsolescence and provides monthly mailings, whitepapers, and more!
Contents
Foreword
Chapter 1 The Zen of
Hack Proofing
Chapter 2 Classes of
Attack
Chapter 3 Reviewing
the Fundamentals of XML
Chapter 4 Document
Type: The Validation Gateway
Chapter 5 XML
Digital Signatures
Chapter 6 Encryption
in XML
Chapter 7 Role-Based
Access Control
Ch
商品描述(中文翻譯)
保護您的 XML 文件免受駭客攻擊!
XML 正迅速成為通過 HTTP 在網站之間傳輸信息的通用協議。儘管 HTML 將繼續是在互聯網上顯示文件的語言,開發人員將找到新的有趣方式來利用 XML 的力量,使用 XML 來傳輸、交換和操作數據。驗證 XML 文件以及發送到該文件的消息是保護 XML 免受駭客攻擊的第一道防線。使 XML 成為定義系統間數據的強大語言的同時,也使其容易受到攻擊。更重要的是,由於許多防火牆會通過 XML 數據而不進行過濾,一個構造不良且未經驗證的文件可能構成嚴重的系統級漏洞。《防駭客 XML》將向您展示 XML 和 .NET 安全的內幕。
- 了解駭客的角色:回顧駭客、破解者、黑帽駭客、電話狂、腳本小子等駭客術語,並學習如何識別真正的威脅。
- 了解信息洩漏的形式:了解橫幅、錯誤消息、協議分析和糟糕設計如何被攻擊者利用。
- 構建格式良好的 XML 文件:回顧 XML 的目標,並了解格式良好的代碼如何幫助您防範駭客攻擊。
- 了解明文攻擊:了解這種攻擊是駭客用來破壞數據庫或應用程序的最隱蔽工具之一。
- 應用 XML 數字簽名進行安全保護:XML 數字簽名的規範靈活,使您能夠對包含在簽名中的簡單消息或包含簽名的消息或外部資源進行簽名。
- 對 XML 應用加密:XML 中的加密提供了安全的基本要素:文件的完整性、內容的機密性和身份驗證。
- 在 XML 中應用基於角色的訪問控制思想:了解安全操作系統與安全應用程序協同工作提供最安全的設計。
- 了解使用 XML 的風險:了解 .NET 安全可以成為處理權限、身份驗證和授權的可行替代方案。
- 報告安全問題:確定何時向誰報告問題,並找到決定發布多少細節的規則。
- 註冊您的 1 年升級:Syngress Solutions 升級計劃保護您免受內容過時的影響,並提供每月郵件、白皮書等。
目錄:
- 前言