Hack Proofing XML (XML 安全防護指南)

Larry Loeb, Jeremy Faircloth, Ken Ftu, Carter Everett, Curtis, Jr. Franklin

  • 出版商: Syngress Media
  • 出版日期: 2002-06-15
  • 定價: $1,750
  • 售價: 2.3$399
  • 語言: 英文
  • 頁數: 608
  • 裝訂: Paperback
  • ISBN: 1931836507
  • ISBN-13: 9781931836500
  • 相關分類: XML
  • 立即出貨(限量) (庫存=1)

買這商品的人也買了...

相關主題

商品描述

Hack Proof Your XML Documents!

XML is quickly becoming the universal protocol for transferring information from site to site via HTTP. Whereas HTML will continue to be the language for displaying documents on the Internet, developers will find new and interesting ways to harness the power of XML to transmit, exchange, and manipulate data using XML. Validation of the XML document and of the messages going to that document is the first line of defense in hack proofing XML. The same properties that make XML a powerful language for defining data across systems make it vulnerable to attacks. More important, since many firewalls will pass XML data without filtering, a poorly constructed and invalidated document can constitute a serious system-level vulnerability. Hack Proofing® XML will show you the ins and outs of XML and .NET security.

  • Understand the Role of the Hacker
    Review hacking terms such as hacker, cracker, black hat, phreaks, and script kiddies and learn how to identify real threats.
  • Learn the Forms of Information Leakage
    See how banners, error messages, protocol analysis, and bad design can be used by attackers.
  • Build Well-Formed XML Documents
    Review the goals of XML and see how well-formed code will help protect you from hackers.
  • Learn About Plain-Text Attacks
    See how this type of attack is one of the most insidious tools hackers can use to compromise a database or application.
  • Apply XML Digital Signatures to Security
    The XML specification for digital signatures is flexible and gives you the ability to sign anything from a simple message embedded in a signature or a message that contains the signature within it or external resources.
  • Apply Encryption to XML
    Encryption in XML provides the essential elements of security: integrity of the document, confidentiality of content, and authentication.
  • Apply Role-Based Access Control Ideas in XML
    See how a secure operating system working in conjunction with a secure application provides the most hackproof design possible.
  • Learn the Risks Associated with Using XML
    See how .NET security can be a viable alternative for handling permissions, authentication and authorization.
  • Report Security Problems
    Determine when and to whom to report the problem and find rules for deciding how much detail to publish.
  • Register for Your 1 Year Upgrade
    The Syngress Solutions upgrade plan protects you from content obsolescence and provides monthly mailings, whitepapers, and more!

Contents

Foreword

Chapter 1 The Zen of Hack Proofing

Chapter 2 Classes of Attack

Chapter 3 Reviewing the Fundamentals of XML

Chapter 4 Document Type: The Validation Gateway

Chapter 5 XML Digital Signatures

Chapter 6 Encryption in XML

Chapter 7 Role-Based Access Control

Ch

商品描述(中文翻譯)

保護您的 XML 文件免受駭客攻擊!

XML 正迅速成為通過 HTTP 在網站之間傳輸信息的通用協議。儘管 HTML 將繼續是在互聯網上顯示文件的語言,開發人員將找到新的有趣方式來利用 XML 的力量,使用 XML 來傳輸、交換和操作數據。驗證 XML 文件以及發送到該文件的消息是保護 XML 免受駭客攻擊的第一道防線。使 XML 成為定義系統間數據的強大語言的同時,也使其容易受到攻擊。更重要的是,由於許多防火牆會通過 XML 數據而不進行過濾,一個構造不良且未經驗證的文件可能構成嚴重的系統級漏洞。《防駭客 XML》將向您展示 XML 和 .NET 安全的內幕。

- 了解駭客的角色:回顧駭客、破解者、黑帽駭客、電話狂、腳本小子等駭客術語,並學習如何識別真正的威脅。
- 了解信息洩漏的形式:了解橫幅、錯誤消息、協議分析和糟糕設計如何被攻擊者利用。
- 構建格式良好的 XML 文件:回顧 XML 的目標,並了解格式良好的代碼如何幫助您防範駭客攻擊。
- 了解明文攻擊:了解這種攻擊是駭客用來破壞數據庫或應用程序的最隱蔽工具之一。
- 應用 XML 數字簽名進行安全保護:XML 數字簽名的規範靈活,使您能夠對包含在簽名中的簡單消息或包含簽名的消息或外部資源進行簽名。
- 對 XML 應用加密:XML 中的加密提供了安全的基本要素:文件的完整性、內容的機密性和身份驗證。
- 在 XML 中應用基於角色的訪問控制思想:了解安全操作系統與安全應用程序協同工作提供最安全的設計。
- 了解使用 XML 的風險:了解 .NET 安全可以成為處理權限、身份驗證和授權的可行替代方案。
- 報告安全問題:確定何時向誰報告問題,並找到決定發布多少細節的規則。
- 註冊您的 1 年升級:Syngress Solutions 升級計劃保護您免受內容過時的影響,並提供每月郵件、白皮書等。

目錄:
- 前言