Ajax Security
Hier finden Sie ergänzende Informationen zu meinem bei entwickler.press erschienenen Buch "Ajax Security".
Literaturverzeichnis
- Alco_07
- Wade Alcorn
Browser Exploitation Framework BeEF - c0d3_07
- c0d3walk3r
Here is the decoded version of the above Orkut worm - Cart_06
- Ryan Cartner
Defeating Dean Edwards' Javascript Packer - Chie_06
- Eric Chien
Malicious Yahooligans (PDF)
Symantec Security Response, 2006 - ChOW_07
- Brian Chess, Yekaterina Tsipenyuk O'Neil, Jacob West
JavaScript Hijacking
Fortify Software, 2007 - CIS_06
- CIS Finds Flaws in Firefox v2 Password Manager
- dpl_08
- The Default Password List
- Edwa_07
- Dean Edwards Javascript Packer
- Esse_06
- Stefan Esser
PHP Security Blog: JavaScript/HTML Portscanning and HTTP Auth - Font_05
- Antonio Fontes
myspace hack (readable javascript code )
Mail auf der Mailinglist Web Application Security, 14.10.2005 - GNUC_06a
- GNUCITIZEN JavaScript Port Scanner
- GNUC_06b
- GNUCITIZEN JavaScript Port Scanner Quelltext
- GNUC_06c
- GNUCITIZEN AttackAPI
- GNUC_06d
- GNUCITIZEN JavaScript Address Info
- GNUC_07
- GNUCITIZEN The Orkut XSS Worm
- HoKS_02
- Allen Householder, Brian King, Ken Silva
Securing an Internet Name Server (PDF)
CERT Coordination Center, Carnegie Mellon University 2002 - ISC_06
- Internet Storm Center
Yahoo! mass-mailer - Klei_04
- Amit Klein
"Divide and Conquer" - HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics (PDF)
Whitepaper, Sanctum, Inc. 2004 - Klei_05
- Amit Klein
Technical Note: Detecting and Preventing HTTP Response Splitting and HTTP Request Smuggling Attacks at the TCP Level
Mail auf der Mailinglist Bugtraq, 15.08.2005 - Klei_05a
- Amit Klein
DOM Based Cross Site Scripting or XSS of the Third Kind
Web Application Security Consortium, 2005 - Klei_06
- Amit Klein
Forging HTTP request headers with Flash
Mail auf der Mailinglist Bugtraq, 24. Juli 2006
Korrektur dazu
Mail auf der Mailinglist Bugtraq, 26. Juli 2006 - LKHO_05
- Chaim Linhart, Amit Klein, Ronen Heled, Steve Orrin
HTTP Request Smuggling
Whitepaper, Watchfire Corporation, 2005 - Madr_03
- David F. Madrid
Using Java from Javascript
Mail auf der Mailinglist NT-Bugtraq, 01.04.2003 - Mozi_06
- Mozilla Foundation
Bug 360493 (CVE-2006-6077) – Cross-Site Forms + Password Manager = Security Failure - Mozi_07
- Mozilla Foundation
MFSA 2007-02: Improvements to help protect against Cross-Site Scripting attacks - Peth_03
- Richard D. Pethia
Viruses and Worms: What Can We Do About Them?
Carnegie Mellon University, 2003 - RSna_08a
- RSnake
XSS (Cross Site Scripting) Cheat Sheet - RSna_08b
- RSnake
Diminutive XSS Worm Replication Contest - RSna_08c
- RSnake
XSS Worm Analysis And Defense - Russ_07
- Ryan Russell
Orkut "virus" - Sard_07
- Deepak Sarda
Sounds From The Dungeon: Orkut XSS - Samy_05
- Samy
Technical explanation of The MySpace Worm - Secu_06
- Security Lab
George Bush appoints a 9 year old to be the chairperson of the Information Security Deportment - sla_08
- sla.ckers.org web application security forum
Diminutive XSS Worm Replication Contest - SPI_06
- SPI Labs
Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript - Syma_07
- Symantec Internet Security Threat Report (1. Jahreshälfte 2007) (PDF)
- W3C_05
- W3C XML Encryption WG
- W3C_06
- W3C XML Signature WG
- Webs_08
- Websense
Security Lab Research Highlights for Q3-Q4 2007 - Yama_06
- Yamanner-Quelltext
- Links zu Anhang E:
- [1] Betriebsarten für Blockchiffren (PDF)
[2] DES, 3DES (PDF)
[3] AES (PDF)
[4] RSA (PDF)
[5] SHA (PDF)
[6] MD5 (RFC 1321)
Die verschiedenen erwähnten RFC finden Sie z.B. bei der IETF: RFC.
Quelltexte
Alle längeren Quelltexte liegen gesammelt als ZIP-Archiv vor: AjaxSecurity.zip.
Bilder
Bild 9 aus Anhang E (Klick öffnet das Bild in einer großen Version in einem neuen Fenster):
Sichere Software mit Microsoft .NET entwickeln
Zum bei entwickler.press erschienenen Buch "Sichere Software mit Microsoft .NET entwickeln" habe ich ein Kapitel über Kryptographie beigetragen.