LEADER 00000cam a2200985 a 4500 001 871225516 003 OCoLC 005 20240129213017.0 006 m o d 007 cr cnu---unuuu 008 140301s2014 inua ob 001 0 eng d 016 7 016608794|2Uk 019 883141254|a884810327|a961654795|a962636976|a966385632 |a1055368257|a1065696516|a1081208303|a1103266448 |a1129356206|a1153014062|a1162082284|a1192345702 |a1295595362|a1300647269|a1303374342 020 9781118662106|q(electronic bk.) 020 1118662105|q(electronic bk.) 020 9781118914359|q(electronic bk.) 020 111891435X|q(electronic bk.) 020 9781306473446|q(MyiLibrary) 020 1306473446|q(MyiLibrary) 020 9781118662090|q(pbk.) 020 1118662091|q(pbk.) 029 1 AU@|b000058029760 029 1 AU@|b000062533357 029 1 DEBBG|bBV042031145 029 1 DEBBG|bBV043607985 029 1 DEBSZ|b405664737 029 1 DEBSZ|b414187342 029 1 NZ1|b15590834 035 (OCoLC)871225516|z(OCoLC)883141254|z(OCoLC)884810327 |z(OCoLC)961654795|z(OCoLC)962636976|z(OCoLC)966385632 |z(OCoLC)1055368257|z(OCoLC)1065696516|z(OCoLC)1081208303 |z(OCoLC)1103266448|z(OCoLC)1129356206|z(OCoLC)1153014062 |z(OCoLC)1162082284|z(OCoLC)1192345702|z(OCoLC)1295595362 |z(OCoLC)1300647269|z(OCoLC)1303374342 037 51968B98-C2E3-457B-8AC5-603D813916D8|bOverDrive, Inc. |nhttp://www.overdrive.com 040 EBLCP|beng|epn|cEBLCP|dIDEBK|dMHW|dOCLCQ|dN$T|dOCLCO|dTEF |dE7B|dTEFOD|dDEBSZ|dOCLCO|dCDX|dDOS|dCOO|dYDXCP|dUMI |dDEBBG|dB24X7|dOCLCQ|dK6U|dRECBK|dTEFOD|dOCLCQ|dOCLCO |dCNNOR|dMOR|dPIFAG|dZCU|dLIV|dMERUC|dOCLCQ|dYT1|dOCLCQ |dU3W|dBUF|dSTF|dOCLCF|dCEF|dNRAMU|dICG|dVTS|dOCLCQ|dNTG |dINT|dVT2|dAU@|dOCLCQ|dWYU|dG3B|dTKN|dOCLCQ|dUAB|dDKC |dOCLCQ|dUKAHL|dOCLCQ|dVLY|dBRF|dCZL|dOCLCO|dOCLCQ|dOCLCO |dOCLCL 049 INap 082 04 005.8 082 04 005.8|223 099 eBook O'Reilly for Public Libraries 100 1 Alcorn, Wade. 245 14 The Browser Hacker's Handbook /|cWade Alcorn, Christian Frichot, Michele Orrù.|h[O'Reilly electronic resource] 260 Indianapolis, IN :|bWiley,|c©2014. 264 4 |c©2014 300 1 online resource (xxi, 626 pages) :|billustrations 336 text|btxt|2rdacontent 337 computer|bc|2rdamedia 338 online resource|bcr|2rdacarrier 347 text file 504 Includes bibliographical references and index. 505 0 Web Browser Security -- Initiating Control -- Retaining Control -- Bypassing the Same Origin Policy -- Attacking Users -- Attacking Browsers -- Attacking Extensions -- Attacking Plugins -- Attacking Web Applications -- Attacking Networks -- Epilogue: Final Thoughts. 505 0 Copyright; About the Authors; About the Contributing Authors; About the Technical Editor; Credits; Acknowledgments; Contents; Introduction; Chapter 1: Web Browser Security; A Principal Principle; Exploring the Browser; Symbiosis with the Web Application; Same Origin Policy; HTTP Headers; Markup Languages; HTML; XML; Cascading Style Sheets; Scripting; JavaScript; VBScript; Document Object Model; Rendering Engines; WebKit; Trident; Gecko; Presto; Blink; Geolocation; Web Storage; Cross- origin Resource Sharing; HTML5; WebSocket; Web Workers; History Manipulation; WebRTC; Vulnerabilities. 505 8 Evolutionary Pressures HTTP Headers; Content Security Policy; Secure Cookie Flag; HttpOnly Cookie Flag; X- Content-Type-Options; Strict-Transport-Security; X-Frame- Options; Reflected XSS Filtering; Sandboxing; Browser Sandboxing; IFrame Sandboxing; Anti-phishing and Anti- malware; Mixed Content; Core Security Problems; Attack Surface; Rate of Change; Silent Updating; Extensions; Plugins; Surrendering Control; TCP Protocol Control; Encrypted Communication; Same Origin Policy; Fallacies; Robustness Principle Fallacy; External Security Perimeter Fallacy; Browser Hacking Methodology; Initiating. 505 8 Retaining Attacking; Summary; Questions; Notes; Chapter 2: Initiating Control; Understanding Control Initiation; Control Initiation Techniques; Using Cross-site Scripting Attacks; Reflected Cross-site Scripting; Stored Cross-site Scripting; DOM Cross-site Scripting; Universal Cross-site Scripting; XSS Viruses; Bypassing XSS Controls; Using Compromised Web Applications; Using Advertising Networks; Using Social Engineering Attacks; Phishing Attacks; Baiting; Anti-Phishing Controls; Using Man-in-the-Middle Attacks; Man-in-the-Browser; Wireless Attacks; ARP Spoofing; DNS Poisoning. 505 8 Exploiting Caching Summary; Questions; Notes; Chapter 3: Retaining Control; Understanding Control Retention; Exploring Communication Techniques; Using XMLHttpRequest Polling; Using Cross-origin Resource Sharing; Using WebSocket Communication; Using Messaging Communication; Using DNS Tunnel Communication; Exploring Persistence Techniques; Using IFrames; Using Full Browser Frame Overlay; Using Browser Events; Using Pop-Under Windows; Using Man-in-the-Browser Attacks; Hijacking AJAX Calls; Hijacking Non-AJAX Requests; Evading Detection; Evasion using Encoding; Base64 Encoding; Whitespace Encoding. 505 8 Non-alphanumeric JavaScript Evasion using Obfuscation; Random Variables and Methods; Mixing Object Notations; Time Delays; Mixing Content from Another Context; Using the callee Property; Evasion using JavaScript Engines Quirks; Summary; Questions; Notes; Chapter 4: Bypassing the Same; Understanding the Same Origin Policy; Understanding the SOP with the DOM; Understanding the SOP with CORS; Understanding the SOP with Plugins; Understanding the SOP with UI Redressing; Understanding the SOP with Browser History; Exploring SOP Bypasses; Bypassing SOP in Java; Bypassing SOP in Adobe Reader. Bypassing SOP in Adobe Flash. 520 Hackers exploit browser vulnerabilities to attack deep within networks. The Browser Hacker's Handbook gives a practical understanding of hacking the everyday web browser and using it as a beachhead to launch further attacks deep into corporate networks. Written by a team of highly experienced computer security experts, the handbook provides hands-on tutorials exploring a range of current attack methods. The web browser has become the most popular and widely used computer "program" in the world. As the gateway to the Internet, it is part of the storefront to any business that operates online, but it is also one of the most vulnerable entry points of any system. With attacks on the rise, companies are increasingly employing browser-hardening techniques to protect the unique vulnerabilities inherent in all currently used browsers. The Browser Hacker's Handbook thoroughly covers complex security issues and explores relevant topics such as: Bypassing the Same Origin Policy; ARP spoofing, social engineering, and phishing to access browsers; DNS tunneling, attacking web applications, and proxying--all from the browser; Exploiting the browser and its ecosystem (plugins and extensions); Cross-origin attacks, including Inter-protocol Communication and Exploitation. The Browser Hacker's Handbook is written with a professional security engagement in mind. Leveraging browsers as pivot points into a target's network should form an integral component into any social engineering or red-team security assessment. This handbook provides a complete methodology to understand and structure your next browser penetration test.--|cPublisher description 546 English. 588 0 Print version record. 590 O'Reilly|bO'Reilly Online Learning: Academic/Public Library Edition 650 0 Browsers (Computer programs)|xSecurity measures. 650 0 Computer networks|xSecurity measures. 650 0 Computer networks|xAccess control. 650 6 Navigateurs (Logiciels)|xSécurité|xMesures. 650 6 Réseaux d'ordinateurs|xSécurité|xMesures. 650 7 Computer networks|xAccess control|2fast 650 7 Computer networks|xSecurity measures|2fast 655 7 Handbooks and manuals|2fast 700 1 Frichot, Christian. 700 1 Orrù, Michele. 776 08 |iPrint version:|aAlcorn, Wade.|tBrowser hacker's handbook.|dIndianapolis, IN : Wiley, [2014]|z9781118662090 |w(OCoLC)858361563 856 40 |uhttps://ezproxy.naperville-lib.org/login?url=https:// learning.oreilly.com/library/view/~/9781118662090/?ar |zAvailable on O'Reilly for Public Libraries 938 Askews and Holts Library Services|bASKH|nAH26202949 938 Askews and Holts Library Services|bASKH|nAH26187056 938 Books 24x7|bB247|nbks00063750 938 Coutts Information Services|bCOUT|n27593039 938 EBL - Ebook Library|bEBLB|nEBL1641459 938 ebrary|bEBRY|nebr10842312 938 EBSCOhost|bEBSC|n709427 938 ProQuest MyiLibrary Digital eBook Collection|bIDEB |ncis27593039 938 Recorded Books, LLC|bRECE|nrbeEB00595822 938 YBP Library Services|bYANK|n11683504 994 92|bJFN